6 matches found
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The iss...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
Sql injection
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
CVE-2009-0431
The CVE-2009-0431 entry describes an SQL injection vulnerability in the Default.asp page of LinksPro Standard Edition . The flaw allows remote attackers to inject arbitrary SQL commands through the OrderDirection parameter, enabling potential data exposure or modification. The issue is evidenced ...