93385 matches found
📄 SPIP Saisies 5.11.0 Remote Code Execution
Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...
ROS-20260224-73-0012
Vulnerability in php-itop related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
CVE-2026-3042
The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...
CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2019-25452
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...
WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kingler versions = 1.7...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...
PT-2026-21576
Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. Remote attackers can exploit this by manipulating the ID argument in the /admin/index.php file. The...
PideTuCita 跨站脚本漏洞
PideTuCita is an online scheduling and queuing management platform owned by the Spanish company PideTuCita. PideTuCita has a cross-site scripting vulnerability, which stems from improper handling of the cookies/indes.php endpoint. This vulnerability could allow attackers to execute JavaScript cod...
📄 SuiteCRM 7.11.18 Log File Remote Code Execution
SuiteCRM version 7.11.18 allows modification of the logging configuration. The log filename extension is not validated properly .pHp accepted, causing the log to be interpreted as PHP. Then attacker injects PHP payload into the logs changing username lastname field resulting in the log file...
CVE-2026-2952
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
UBUNTU-CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...
CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...
CVE-2019-25443
Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...