24 matches found

NVD
added 2026/04/12 1:16 p.m., 2 views

CVE-2019-25707

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1 CVSS, 0.00269 EPSS
Exploits: 1, References: 4
ATTACKERKB
added 2026/04/12 12:28 p.m., 1 view

CVE-2019-25707

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

7.1 CVSS, 6.2 AI score, 0.00269 EPSS
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2025/05/22 5:5 a.m., 7 views

CVE-2010-4774

SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171...

7.5 CVSS, 8.7 AI score, 0.03346 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2025/02/18 12:10 a.m., 6 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

7.3 CVSS, 7.6 AI score, 0.00439 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/02/18 12:10 a.m., 10 views

CVE-2025-25221

The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...

7.3 CVSS, 0.00439 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/11/12 1:0 p.m., 12 views

CVE-2024-11123 上海灵当信息科技有限公司 Lingdang CRM pdf.php path traversal

A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the...

5.3 CVSS, 0.01023 EPSS
Exploits: 1, References: 4
OSV
added 2023/09/20 10:15 a.m., 3 views

CVE-2022-45447

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...

6.5 CVSS, 5.8 AI score, 0.00713 EPSS
Exploits: 0, References: 1
Veracode
added 2019/09/10 6:5 a.m., 21 views

Local File Inclusion

librenms/librenms is vulnerable to local file inclusion. The usage of mysql_real_escape_string in pdf.php to sanitize file paths is insecure. Due to the usage of include that takes in untrusted user-supplied data to include scripts, a remote attacker could potentially include arbitrary scripts to be...

7.5 CVSS, 3.4 AI score, 0.02171 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2019/09/10 12:0 a.m., 1 view

LibreNMS Directory Traversal Vulnerability

LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool. A directory traversal vulnerability exists in /pdf.php in LibreNMS 1.50.1, which can be exploited by an attacker to gain access to locations outside of a restricted directory...

7.5 CVSS, 7.1 AI score, 0.02171 EPSS
Exploits: 1, References: 1
OSV
added 2019/09/09 2:15 p.m., 16 views

CVE-2019-12464

An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution...

7.5 CVSS, 6.8 AI score
Exploits: 0, References: 1
exploitpack
added 2019/01/10 12:0 a.m., 12 views

eBrigade ERP 4.5 - SQL Injection

eBrigade ERP 4.5 - SQL Injection Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4....

0.2 AI score
Exploits: 0
Packet Storm
added 2019/01/10 12:0 a.m., 52 views

eBrigade ERP 4.5 SQL Injection

Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4.5 Category: Webapps Tested on:...

0.2 AI score
Exploits: 0
Exploit DB
added 2019/01/10 12:0 a.m., 55 views

eBrigade ERP 4.5 - SQL Injection

Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4.5 Category: Webapps Tested on:...

7.4 AI score
Exploits: 0
WPVulnDB
added 2014/08/01 10:58 a.m., 21 views

Google Document Embedder 2.4.6 - pdf.php file Parameter Arbitrary File Disclosure

The Google Doc Embedder WordPress plugin was affected by a pdf.php file Parameter Arbitrary File Disclosure security vulnerability...

5 CVSS, 6.3 AI score, 0.50017 EPSS
Exploits: 4, References: 4, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 34 views

PHP-Nuke Platinium <= 7.6.b.5 - Remote Code Execution Exploit

No description provided by source. <?php PHP Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit Author: Charles real F. charlesfolathotmail.fr Date: 02/07/08 Note: I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUEST_URI var ... Requirements register_globals=On phprete...

7.1 AI score
Exploits: 0
Prion
added 2014/05/29 2:19 p.m., 15 views

Directory traversal

Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php...

5 CVSS, 7.2 AI score, 0.50017 EPSS
Exploits: 4, References: 4, Affected Software: 1
NVD
added 2011/03/23 10:0 p.m., 19 views

CVE-2010-4774

SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171...

7.5 CVSS, 8.1 AI score, 0.00926 EPSS
Exploits: 1, References: 1
Prion
added 2011/03/23 10:0 p.m., 20 views

SQL injection

SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171...

7.5 CVSS, 8.7 AI score, 0.03346 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2011/03/23 9:0 p.m., 42 views

CVE-2010-4774

Summary (CVE-2010-4774): AuraCMS 1.62 contains an SQL injection in the pdf.php component, exploitable via the id parameter to allow remote execution of arbitrary SQL commands. This vulnerability is documented as a separate vector from CVE-2007-4804/2007-4171, and is supported by multiple connecte...

7.5 CVSS, 8.5 AI score, 0.00926 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2011/03/23 9:0 p.m., 33 views

CVE-2010-4774

SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171...

8.1 AI score, 0.00926 EPSS
Exploits: 1, References: 1