110 matches found

NVD
added 2026/03/12 4:16 p.m. · 1 view

CVE-2019-25521

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

CVSS 9.1 · EPSS 0.00093
Exploits: 1 · References: 2

OSV
added 2026/01/21 6:16 p.m. · 3 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVSS 7.1 · AI score 5.9
Exploits: 0 · References: 5

RedhatCVE
added 2025/12/16 8:44 p.m. · 1 view

CVE-2023-53883

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server...

CVSS 8.6 · AI score 8.5 · EPSS 0.00488
Exploits: 1 · References: 1

NVD
added 2025/12/15 9:15 p.m. · 3 views

CVE-2023-53883

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server...

CVSS 8.6 · EPSS 0.00488
Exploits: 1 · References: 3

OSV
added 2025/12/15 9:15 p.m. · 4 views

CVE-2023-53883

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server...

CVSS 7.2 · AI score 6.7
Exploits: 0 · References: 3

OSV
added 2025/11/10 7:13 p.m. · 2 views

CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

CVSS 8.8 · AI score 6 · EPSS 0.00027
Exploits: 0 · References: 3

EUVD
added 2025/10/16 7:56 a.m. · 0 views

EUVD-2025-34736

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

CVSS 9.3 · AI score 7.4 · EPSS 0.00038
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-42601

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.02098
Exploits: 0 · References: 1

RedhatCVE
added 2025/09/17 9:52 a.m. · 5 views

CVE-2025-10435

A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custedit1.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been...

CVSS 9.8 · AI score 6.9 · EPSS 0.0006
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:2 a.m. · 7 views

CVE-2019-17580

tonyy dormsystem through 1.3 allows SQL Injection in admin.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.00307
Exploits: 0 · References: 1

OSV
added 2024/11/01 2:15 p.m. · 6 views

CVE-2024-10655

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclose...

CVSS 9.8 · AI score 5.7 · EPSS 0.00097
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-33240 · Unknown · Automatic Systems Maintenance Slimlane

Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane version 29565 d74ecce0c1081d50546db573a499941b10799fb7 Description: The issue allows a remote attacker to escalate privileges via the FtpConfig.php page. This can grant unauthorized access, potentially...

CVSS 8.8 · AI score 7.6 · EPSS 0.0128
Exploits: 0 · References: 8

OSV
added 2024/05/06 3:15 p.m. · 1 view

CVE-2024-33111

D-Link DIR-845L router =v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bscsmsinbox.php...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2024/05/01 8:15 p.m. · 10 views

CVE-2023-46295

An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo...

CVSS 9.8 · AI score 7.5 · EPSS 0.01026
Exploits: 0 · References: 1

CVE
added 2024/05/01 12:0 a.m. · 43 views

CVE-2023-46295

CVE-2023-46295 affects Teledyne FLIR M300 firmware up to version 2.00-19. The issue is in the web server: unauthenticated remote code execution can be triggered by sending a POST request to a vulnerable PHP page, with the potential to escalate to root via Sudo. Public sources confirm the vulnerab...

CVSS 9.8 · AI score 7.8 · EPSS 0.01026
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/01 12:0 a.m. · 10 views

CVE-2023-46295

An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo...

AI score 7.8 · EPSS 0.01026
Exploits: 0 · References: 1

Cvelist
added 2024/05/01 12:0 a.m. · 13 views

CVE-2023-46295

An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo...

AI score 7.8 · EPSS 0.01026
Exploits: 0 · References: 1

OSV
added 2024/01/17 8:15 p.m. · 2 views

CVE-2023-48858

A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part...

CVSS 6.1 · AI score 6 · EPSS 0.00231
Exploits: 2 · References: 2

CNNVD
added 2024/01/10 12:0 a.m. · 3 views

Teledyne FLIR AX8 Command Injection Vulnerability

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. The Teledyne FLIR AX8 suffers from a command injection vulnerability that stems from an arbitrary command execution vulnerability in the value parameter of the /usr/www/res.php page...

CVSS 9.8 · AI score 7.8 · EPSS 0.16226
Exploits: 1 · References: 3

OSV
added 2023/12/19 10:15 a.m. · 0 views

UBUNTU-CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 6.5 · AI score 5.8 · EPSS 0.00284
Exploits: 1 · References: 5