2 matches found
CVE-2025-32389
CVE-2025-32389 concerns NamelessMC prior to 2.1.4, where an SQL injection could be triggered by the square bracket GET parameter syntax (e.g., ?param[0]=a&param[1]=b&param[2]=c). The underlying issue is PHP parsing $_GET['param'] as an array when square-bracket syntax is used, enabling injection ...
PT-2024-33467 · Unknown · Vasilis Kerasiotis Affiliator
Name of the Vulnerable Software and Affected Versions: Vasilis Kerasiotis Affiliator versions 2.1.3 and earlier Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted file upload vulnerability. This enables the attacker to execute malicious code on...