21 matches found
PT-2026-33405
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutor update course content order function. The function only validates th...
CVE-2018-25181 Musicco 2.0.0 Arbitrary Directory Download via Path Traversal
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2018-25181
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter in the getAlbum endpoint, resulting in ZIP downloads of sensitive system directories. The issue affects the getAlbum path traversal fu...
CVE-2018-25181
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
Musicco Path Traversal Vulnerability
Musicco is a music management system developed by Musicco Inc. Version 2.0.0 of Musicco has a path traversal vulnerability. This vulnerability stems from a path traversal issue with the parent parameter, which may allow unverified attackers to download files from arbitrary directories...
PT-2026-23693
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
PT-2026-21862
The SPIP interface traduction objets plugin versions prior to 4.3.3 contain an authenticated SQL injection vulnerability in interface traduction objets pipelines.php. When handling translation requests, the plugin reads the id parent parameter from user-supplied input and concatenates it directly...
CVE-2019-25282
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect...
CVE-2019-25282 V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Open Redirect via bindProfile.html
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect...
CVE-2019-25282
Summary of CVE-2019-25282 (V-SOL GPON/EPON OLT Platform): The issue is an open redirect vulnerability in the bindProfile.html script of V-SOL GPON/EPON OLT Platform, affecting versions 2.03 and 2.03.62R_IPv6. The root cause is improper validation of the GET parameter named parent, allowing an att...
CVE-2024-44778
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
PT-2024-31246 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: vTiger CRM version 7.4.0. Description: A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM allows attackers to execute arbitrary code in the context of a user's browser via injecting a...
CVE-2021-41754
dynamicMarkt = 3.10 is affected by SQL injection in the parent parameter of index.php...
CVE-2018-17254
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...
CVE-2018-17254
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...
KenCMS V1.0 Enterprise Membership Full Version: SQL injection vulnerability in the parent parameter
KenCMS is a content management system. A SQL injection vulnerability exists in KenCMS V1.0 Enterprise Membership Full Version. The "parent" parameter is not well filtered, which allows attackers to exploit the vulnerability to obtain sensitive information from the database...
Lepton parent parameter SQL injection vulnerability
Lepton is a set of tools for lossless compression of JPEG format files. A SQL injection vulnerability exists in the Lepton parent parameter, which could allow an attacker to take control of the application, access or modify data, or exploit a potential vulnerability in the underlying database...
CVE-2009-3751
Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allows remote attackers to inject arbitrary web script or HTML via the genresparent parameter...
Cross site scripting
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter...
CVE-2006-0111
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter...