EUVD-2025-1711

Malicious code in bioql PyPI...

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVE-2025-0485

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfigdoedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploi...

CVE-2025-0487

A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/catedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-0483

A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2025-0491

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-0490

A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...

CVE-2025-0488

A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file productlist.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVE-2024-27915

Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...

CVE-2022-26613

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php...

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...

CVE-2020-18263

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information...

CVE-2025-27411 REDAXO allows Arbitrary File Upload in the mediapool page

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3...

emlog file upload vulnerability (CNVD-2025-04611)

emlog is a PHP and MySQL based CMS builder. A file upload vulnerability exists in emlog version v2.5.3, which stems from a lack of validation of uploaded files by the adminplugin.php component. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary cod...

CVE-2025-0482

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/userrecoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed ...

CVE-2025-0491

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVE-2025-0491

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-0490

A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/articledodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has be...

CVE-2025-0491 Fanli2012 native-php-cms cat_dodel.php sql injection

A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/catdodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...