925 matches found
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion
Summary The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. Details The application uses string concatenation to build database connection URIs which are then passed to...
CVE-2025-24787
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24787 Parameter injection in DB connection URIs leading to local file inclusion in WhoDB
WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build...
CVE-2025-24787
CVE-2025-24787 affects WhoDB, where unsafe construction of database connection URIs (string concatenation) can inject parameters into the URI. Attackers can leverage the go-sql-driver/mysql parameter allowAllFiles to trigger LOAD DATA LOCAL INFILE, enabling local-file disclosure on the host runni...
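The mechanism described in the CVE-2025-24787 entry above, as an added example that is neither WhoDB's nor go-sql-driver/mysql's own code: a DSN builder that concatenates user-supplied fields (the vulnerable pattern) beside a hardened one, plus a check that reports whether a DSN would enable `allowAllFiles`. The function names, the sample credentials/host and the database name carrying the injected parameter are constructed for this demonstration, and `dsnParams` is a deliberately small re-implementation of how the driver splits a DSN, written with only the standard library so it runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Vulnerable pattern (as in the advisory): fields the user supplies through
// the UI are concatenated straight into a go-sql-driver/mysql DSN of the form
// user:pass@tcp(host:port)/dbname. Nothing stops a value such as
// "prod?allowAllFiles=true" from appending its own driver parameters.
func buildDSNUnsafe(user, pass, host, port, db string) string {
	return user + ":" + pass + "@tcp(" + host + ":" + port + ")/" + db
}

// dsnParams is a minimal re-implementation (assumption, not the driver's own
// parser) of how the driver locates parameters: the database name and its
// options sit after the LAST '/', and options follow the first '?' there.
func dsnParams(dsn string) (url.Values, error) {
	slash := strings.LastIndexByte(dsn, '/')
	if slash < 0 {
		return url.Values{}, nil
	}
	tail := dsn[slash+1:]
	q := strings.IndexByte(tail, '?')
	if q < 0 {
		return url.Values{}, nil
	}
	return url.ParseQuery(tail[q+1:])
}

// dsnAllowsLocalInfile reports whether a DSN would let the driver hand any
// client-side file to a server-issued LOAD DATA LOCAL INFILE request.
func dsnAllowsLocalInfile(dsn string) bool {
	params, err := dsnParams(dsn)
	if err != nil {
		return false
	}
	return params.Get("allowAllFiles") == "true"
}

// Hardened pattern: reject DSN metacharacters in every user-supplied field
// and hard-code the parameter list, so callers can never add allowAllFiles.
// (With the real driver, filling a mysql.Config and calling FormatDSN() gives
// the same separation of data from options; this check stands in for it.)
func buildDSNSafe(user, pass, host, port, db string) (string, error) {
	fields := map[string]string{"user": user, "password": pass, "host": host, "port": port, "database": db}
	for name, v := range fields {
		if strings.ContainsAny(v, "?&=/@()") {
			return "", fmt.Errorf("%s contains a reserved DSN character", name)
		}
	}
	if port == "" {
		return "", errors.New("port is required")
	}
	return fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?parseTime=true", user, pass, host, port, db), nil
}

func main() {
	// Constructed attacker input: a "database name" that smuggles a driver option.
	evilDB := "prod?allowAllFiles=true"
	dsn := buildDSNUnsafe("app", "s3cret", "db.internal", "3306", evilDB)
	fmt.Println("unsafe DSN:", dsn)
	fmt.Println("allowAllFiles injected:", dsnAllowsLocalInfile(dsn))

	if _, err := buildDSNSafe("app", "s3cret", "db.internal", "3306", evilDB); err != nil {
		fmt.Println("safe builder rejected input:", err)
	}
}
```

With `allowAllFiles=true` the driver answers a server-side `LOAD DATA LOCAL INFILE` for any path on the client host, which is what turns a parameter injection into a file read; the default (`false`) only serves files previously registered with `mysql.RegisterLocalFile`. The character blocklist above is intentionally strict (it also rejects legitimate passwords containing `/` or `@`); in production, pass the fields through the driver's `Config` struct instead of a string, so no field is ever interpreted as part of the option list.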
Humming Heads Defense Platform Parameter Injection Vulnerability
Humming Heads Defense Platform is a network security software from Humming Heads, Inc. A parameter injection vulnerability exists in Humming Heads Defense Platform Ver.3.9.51.x and prior versions, which stems from improper parameter delimiter neutralization, and could cause a blue screen of death...
PT-2025-5857
Name of the Vulnerable Software and Affected Versions WhoDB versions prior to 0.45.0 Description The application is vulnerable to parameter injection in database connection strings, allowing an attacker to read local files on the machine the application is running on. This is due to the use of...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-8125
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management Extended ECM allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could exploit the vulnerability to carry out a remote code execution attack on the...
CVE-2024-8125 A remote code vulnerability has been discovered in OpenText™ Content Management.
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management Extended ECM allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could exploit the vulnerability to carry out a remote code execution attack on the...
CVE-2024-8125
CVE-2024-8125 affects OpenText Content Management (Extended ECM) with the WebReports module installed and enabled, versioned 10.0–24.4. The vulnerability is due to improper validation of a specified input type, enabling parameter injection that could lead to remote code execution. The exposure re...
PT-2025-3697 · Opentext · Opentext Content Management
Name of the Vulnerable Software and Affected Versions: OpenText Content Management Extended ECM versions 10.0 through 24.4 Description: The issue is related to improper validation of specified input types, allowing parameter injection. An actor with necessary privileges could exploit this to carr...
CVE-2025-0930
Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code after injecting it via the ‘abs’ parameter of ‘/teamcal/src/index.php’...
CVE-2025-23051
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...
CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...
PT-2025-4793 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS versions AOS-8 through AOS-10 Description: An authenticated parameter injection vulnerability exists in the web-based management interface of the ArubaOS. Successful exploitation could allow an authenticated user to leverage parameter...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
HPE ArubaOS is a wireless network operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an authenticated parameter injection flaw, which can be exploited successfully to...
CVE-2025-22614 WeGIA Stored Cross-Site Scripting (XSS) in endpoint 'dependente_editarInfoPessoal.php', parameters 'nome' and 'SobrenomeForm'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...