262 matches found
SQL injection
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php...
Cxuucms SQL Injection Vulnerability
cxuucms is a PHP-based content relationship building system. cxuucms version 3.1 has a SQL injection vulnerability that originates from setting the pid parameter in public/admin.php, which can be exploited by attackers to obtain sensitive database information...
OS Command Injection
xps is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the pid parameter due to the lack of sanitisation and validation...
CVE-2019-16862
Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-43372)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A reflected cross-site scripting vulnerability exists in interface/forms/eyemag/view.php in OpenEMR. An attacker can exploit this vulnerability to execute arbitrary code in the context of a user...
CVE-2016-10951
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter...
CVE-2018-20519
An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajaxsavebasic pid parameter...
CVE-2018-16606
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter)...
idreamsoft iCMS SQL Injection Vulnerability
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in idreamsoft iCMS 7.0.7 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'pid' array parameter in the...
PHP Scripts Mall Advance B2B Script SQL Injection Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based B2B (business-to-business) transactional website scripts from PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Advance B2B Script version 2.1.3. A remote attacker can exploit this vulnerability by sending the...
CVE-2017-17586
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter...
CVE-2017-17610
E-commerce MLM Software 1.0 has SQL Injection via the servicedetail.php pid parameter, eventdetail.php eventid parameter, or newsdetail.php newid parameter...
SQL injection
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter...
SQL injection
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter...
SQL injection
E-commerce MLM Software 1.0 has SQL Injection via the servicedetail.php pid parameter, eventdetail.php eventid parameter, or newsdetail.php newid parameter...
CVE-2017-17586
FS Olx Clone 1.0 is affected by a SQL Injection vulnerability exposed via the scat parameter in subpage.php or the pid parameter in message.php. The issue is caused by improper handling of user-supplied input in these parameters, enabling remote attackers to inject SQL commands. Public references...
XYCMS column management module pid parameter SQL injection vulnerability
XYCMS, formerly known as Nanjing XYCMS Enterprise Station Building System, is a station building platform that provides one-stop web solutions for Chinese enterprises. A SQL injection vulnerability exists in the column management module of XYCMS PHP version 1.4, due to the pid parameter...