75 matches found
CVE-2025-7103
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The...
CVE-2025-48390
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...
FreeScout Code Injection Vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A code injection vulnerability exists in FreeScout versions prior to 1.8.178, which stems from insufficient validation of the input of the phppath...
CVE-2024-37622
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php...
CVE-2024-10601
A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument whererepeat leads to sql injection. The attack can be...
CVE-2022-29670
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shut down the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
PT-2025-23172 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178 Description: The issue is related to insufficient validation of user input in the php path parameter, allowing code injection. This occurs because backtick characters and tabs are not removed from us...
CVE-2025-3979
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely...
Ivanti LANDesk Management Gateway Security Vulnerability
Ivanti LANDesk Management Gateway is a solution for remote management and control of IT devices, primarily designed to simplify the management and maintenance of devices in corporate environments. A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway. The vulnerability...
PT-2025-4101 · Unknown · Teamcal Neo
Name of the Vulnerable Software and Affected Versions: TeamCal Neo version 3.8.2 Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that allows an attacker to execute malicious JavaScript code. This is achieved by injecting code via the abs parameter in the "/teamcal/src/index.php" AP...
TeamCal Neo Cross-Site Scripting Vulnerability
TeamCal Neo is a calendar-based web application from the individual developer George Lewe. A cross-site scripting vulnerability exists in TeamCal Neo version 3.8.2. An attacker can exploit this vulnerability to execute malicious JavaScript code by injecting code via the abs parameter in...
CVE-2024-12890
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
The vulnerability of the get_ip.addr_details function in Ruijie RG-UAC router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the getip.addrdetails function /view/vpn/autovpn/sxhvpnlic.php in Ruijie RG-UAC router software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
PT-2024-31821 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: An issue was found in the processing of the file /src/dede/tpl.php, which can lead to cross-site request forgery. The attack may be initiated remotely. Recommendations: For DedeCMS version 5.7, consider...
flusity CMS Security Vulnerability
flusity CMS is a user interaction interface solution where code can be easily changed or added. A security vulnerability exists in flusity-CMS version v2.33, which was discovered to contain a cross-site request forgery (CSRF) vulnerability via the component /core/tools/addplaces.php...
Inis SQL Injection Vulnerability
Inis is a web application. Inis version 2.0.1 suffers from a SQL injection vulnerability that stems from the parameter sql in the file /app/api/controller/default/Sqlite.php that can lead to SQL injection...
CVE-2023-5925
A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public...
Lost and Found Information System SQL Injection Vulnerability
Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A SQL injection vulnerability exists in Lost and Found Information System version 1.0, which originates from the parameter id of the file /classes/Master.php?f=saveitem that can lead...