Sql injection

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $POST array...

CVE-2017-11445

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $POST array...

CVE-2015-8625

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ at sign character in unspecified POST array parameters...

CVE-2013-3241

export.php aka the export script in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request...

codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...