14 matches found
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25366
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
PT-2026-21437
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2020-36912
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input...
CVE-2020-36912 Plexus anblick Digital Signage Management 3.1.13 Open Redirect via Pagina Parameter
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input...
CVE-2020-36912 Plexus anblick Digital Signage Management 3.1.13 Open Redirect via Pagina Parameter
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input...
CVE-2020-36912
Plexus anblick Digital Signage Management 3.1.13 suffers an open redirect in the PantallaLogin script, exploited by manipulating the pagina GET parameter due to improper input validation. This allows redirection to arbitrary websites; CVE-2020-36912 details network-based impact with high severity...
PT-2026-1446
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input...
Quiter Gateway SQL注入漏洞
Quiter Gateway is an API interface from Quiter Spain. A SQL injection vulnerability exists in Quiter Gateway versions prior to 4.7.0, which stems from an SQL injection in the pagina.filter.categoria parameter, which could lead to database manipulation...
Amministrazione Aperta < 3.8 - Admin+ LFI
The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...
pagina-avocatilor.com Cross Site Scripting vulnerability OBB-1303518
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
LAquis SCADA Web Server PAGINA Command Injection (CVE-2018-18992)
A command injection vulnerability exists in SCADA. The vulnerability is due to improper handling of specific PAGINA parameter submitted in requests. Successful exploitation results in the execution of arbitrary commands with the privileges of the web server process...
Cross site scripting
Cross-site scripting XSS vulnerability in view.php in TuttoPhp 1 Morris Guestbook 1, 2 Pretty Guestbook 1, and 3 Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...