
925 matches found

CNNVD
added 2022/12/22 12:0 a.m. | 6 views

AyaCMS Parameter Injection Vulnerability

AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version 3.1.2, which can be exploited to easily delete files via /aya/module/admin/fstdel.inc.php...

9.8 CVSS | 8.3 AI score | 0.0079 EPSS
Exploits: 1 | References: 3
CNVD
added 2022/12/14 12:0 a.m. | 33 views

Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability

SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...

5.4 CVSS | 5.5 AI score | 0.00532 EPSS
Exploits: 0 | References: 1
OSV
added 2022/12/13 4:15 p.m. | 4 views

CVE-2022-44731

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows to inject custom arguments to the...

5.4 CVSS | 5.8 AI score | 0.00532 EPSS
Exploits: 0 | References: 1
CNNVD
added 2022/12/13 12:0 a.m. | 3 views

Parameter Injection Vulnerability in Some Siemens Products

SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...

5.4 CVSS | 7.3 AI score | 0.00532 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2022/12/01 12:0 a.m. | 4 views

CVE-2022-4257 C-DATA Web Management System GET Parameter jumpto.php argument injection

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be...

6.3 CVSS | 7.1 AI score | 0.4393 EPSS
Exploits: 1 | References: 2
CNNVD
added 2022/11/23 12:0 a.m. | 3 views

GitHub Enterprise Server Parameter Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7.1, which...

8.8 CVSS | 8.3 AI score | 0.01116 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2022/11/23 12:0 a.m. | 5 views

The vulnerability of Websoft HCM’s automation software for HR processes lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.

The vulnerability of Websoft HCM’s automation software for HR processes is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability allows a malicious actor to inject incorrect values into parameters, thereby obtaining additional information in error...

6.8 CVSS | 5.5 AI score
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2022/11/22 12:0 a.m. | 5 views

CVE-2022-36180

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=injection, /fusiondirectory/index.php?message=invalidparameter&plug=Injection, /fusiondirectory/index.php?signout=1&message=injection&plug=106...

8.8 AI score | 0.01041 EPSS
Exploits: 1 | References: 3
CNNVD
added 2022/11/13 12:0 a.m. | 3 views

Vesta Control Panel Parameter Injection Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel that originates in an unknown function in the func/main.sh file of the sed Handler component and suffers from parameter injection...

7.8 CVSS | 7.3 AI score | 0.00221 EPSS
Exploits: 0 | References: 4
CNNVD
added 2022/11/09 12:0 a.m. | 8 views

Xfce Parameter Injection Vulnerability

Xfce is a desktop environment by the individual developer Olivier Fourdan for Unix and Unix-like operating systems such as Linux and FreeBSD. A parameter injection vulnerability exists in Xfce xfce4-settings versions prior to 4.16.4, 4.17.x through 4.17.1, which stems from escaping character...

9.8 CVSS | 8.2 AI score | 0.01406 EPSS
Exploits: 0 | References: 11
CNNVD
added 2022/11/01 12:0 a.m. | 2 views

Sanitization Management System SQL Injection Vulnerability

Sanitization Management System is a sanitization management system by individual developer Carlo Montero. Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter of /admin/?page=orders/managerequest...

7.2 CVSS | 7.3 AI score | 0.00804 EPSS
Exploits: 1 | References: 2
Prion
added 2022/10/31 8:15 p.m. | 24 views

SQL injection

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

6.5 CVSS | 8.8 AI score | 0.00585 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2022/10/26 5:15 p.m. | 3 views

CVE-2022-3671

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...

9.8 CVSS | 5.8 AI score | 0.00973 EPSS
Exploits: 1 | References: 4
CNNVD
added 2022/10/24 12:0 a.m. | 6 views

Vesta Control Panel Parameter Injection Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A parameter injection vulnerability exists in Vesta Control Panel versions prior to 0.9.8-26-43 and Vesta Control Panel versions prior to 0.9.8-26, which stems from the fact that when it sends an HTTP POST request to the...

7.2 CVSS | 7.7 AI score | 0.05241 EPSS
Exploits: 1 | References: 6
CNNVD
added 2022/10/19 12:0 a.m. | 3 views

Rukovoditel Cross-Site Scripting Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other features. A security vulnerability exists in Rukovoditel version v3.2.1 that originated from allowing an attacker to...

5.4 CVSS | 6.1 AI score | 0.00961 EPSS
Exploits: 1 | References: 2
CNNVD
added 2022/10/16 12:0 a.m. | 19 views

Gitea Parameter Injection Vulnerability

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in versions of Gitea prior to 1.17.3, which stems from its failure to clean up and escape references in the git backend resulting in incorrectly handled arguments to git commands...

9.8 CVSS | 5.7 AI score | 0.01051 EPSS
Exploits: 0 | References: 6
CNNVD
added 2022/10/11 12:0 a.m. | 2 views

LibreOffice Parameter Injection Vulnerability

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes the Writer text documents, Calc spreadsheets and Impress presentations applications. A security vulnerability exists in The Document Foundation LibreOffice versions 7.3 through 7.3.6 and 7.4...

6.3 CVSS | 6.9 AI score | 0.04354 EPSS
Exploits: 0 | References: 15
CNVD
added 2022/10/08 12:0 a.m. | 24 views

Cisco SD-WAN Parameter Injection Vulnerability

Cisco SD-WAN is a highly secure cloud-scale architecture from Cisco that is open, programmable, and scalable. A parameter injection vulnerability exists in the CLI of Cisco SD-WAN Software, which stems from insufficient validation of inputs. Detailed vulnerability details are not available at thi...

6.7 CVSS | 6.5 AI score | 0.00231 EPSS
Exploits: 0 | References: 1
CNNVD
added 2022/09/21 12:0 a.m. | 4 views

Ahsay Systems Cloud Backup Suite Parameter Injection Vulnerability

Ahsay Systems Cloud Backup Suite is a centralized cloud backup solution from Ahsay Systems in Hong Kong, China. The product supports features such as database backup and physical server backup. A parameter injection vulnerability exists in Ahsay Systems Cloud Backup Suite version 9.1.4.0. An...

7.2 CVSS | 7.2 AI score | 0.20785 EPSS
Exploits: 1 | References: 6
OSV
added 2022/09/12 4:15 a.m. | 4 views

CVE-2022-36257

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...

7.5 CVSS | 6 AI score | 0.00786 EPSS
Exploits: 1 | References: 3