AyaCMS Parameter Injection Vulnerability
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version 3.1.2, which can be exploited to easily delete files via /aya/module/admin/fstdel.inc.php...
Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability
SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions V3.15 P038, SIMATIC WinCC OA V3.16 All versions V3.16 P035, SIMATIC WinCC OA V3.17 All versions V3.17 P024, SIMATIC WinCC OA V3.18 All versions V3.18 P014. The affected component allows to inject custom arguments to the...
Parameter Injection Vulnerability in Some Siemens Products
SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...
CVE-2022-4257 C-DATA Web Management System GET Parameter jumpto.php argument injection
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...
GitHub Enterprise Server Parameter Injection Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7.1, which...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability allows a malicious actor to inject incorrect values into parameters, thereby obtaining additional information in error...
CVE-2022-36180
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting XSS via /fusiondirectory/index.php?message=injection, /fusiondirectory/index.php?message=invalidparameter&plug=Injection, /fusiondirectory/index.php?signout=1&message=injection&plug=106...
Vesta Control Panel Parameter Injection Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel that originates in an unknown function in the func/main.sh file of the sed Handler component and suffers from parameter injection...
Xfce Parameter Injection Vulnerability
Xfce is a desktop environment by the individual developer Olivier Fourdan for Unix and Unix-like operating systems such as Linux and FreeBSD. A parameter injection vulnerability exists in Xfce xfce4-settings versions prior to 4.16.4, 4.17.x through 4.17.1, which stems from escaping character...
Sanitization Management System SQL Injection Vulnerability
Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. Sanitization Management System v1.0 is vulnerable to a SQL injection vulnerability that was discovered via the id parameter of /admin/?page=orders/managerequest to contain a SQL injection...
SQL injection
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-3671
A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...
Vesta Control Panel Parameter Injection Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A parameter injection vulnerability exists in Vesta Control Panel versions prior to 0.9.8-26-43 and Vesta Control Panel versions prior to 0.9.8-26, which stems from the fact that when it sends an HTTP POST request to the...
Rukovoditel Cross-Site Scripting Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other features. A security vulnerability exists in Rukovoditel version v3.2.1 that originated from allowing an attacker to...
Gitea Parameter Injection Vulnerability
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in versions of Gitea prior to 1.17.3, which stems from its failure to clean up and escape references in the git backend resulting in incorrectly handled arguments to git commands...
LibreOffice Parameter Injection Vulnerability
LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. A security vulnerability exists in The Document Foundation LibreOffice versions 7.3 through 7.3.6 and 7.4...
Cisco SD-WAN Parameter Injection Vulnerability
Cisco SD-WAN is a highly secure cloud-scale architecture from Cisco that is open, programmable, and scalable. A parameter injection vulnerability exists in the CLI of Cisco SD-WAN Software, which stems from insufficient validation of inputs. Detailed vulnerability details are not available at thi...
Ahsay Systems Cloud Backup Suite Parameter Injection Vulnerability
Ahsay Systems Cloud Backup Suite is a centralized cloud backup solution from Ahsay Systems in Hong Kong, China. The product supports features such as database backup and physical server backup. A parameter injection vulnerability exists in Ahsay Systems Cloud Backup Suite version 9.1.4.0. An...
CVE-2022-36257
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...