21 matches found

EUVD
added 2026/05/10 3:31 p.m. · 3 views

EUVD-2021-34786

Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary cod...

CVSS 6.4 · AI score 6 · EPSS 0.00047
Exploits 0 · References 5

Vulnrichment
added 2026/04/13 7:15 p.m. · 1 view

CVE-2026-6202 code-projects Easy Blog Site post.php sql injection

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVSS 6.5 · AI score 5.7 · EPSS 0.00036
Exploits 0 · References 5

ATTACKERKB
added 2026/04/13 7:15 p.m. · 1 view

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVSS 6.5 · AI score 5.7 · EPSS 0.00036
Exploits 0 · References 5 · Affected Software 1

CVE
added 2026/04/13 7:15 p.m. · 4 views

CVE-2026-6202

The vulnerability CVE-2026-6202 affects code-projects Easy Blog Site 1.0. It targets the file post.php, where manipulation of the tags argument leads to a SQL injection via an unknown function. The attack can be initiated remotely, and the exploit has been released publicly. No remediation detail...

CVSS 6.5 · AI score 6.5 · EPSS 0.00036
Exploits 0 · References 5

EUVD
added 2026/04/05 9:30 p.m. · 2 views

EUVD-2019-20083

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

CVSS 8.8 · AI score 6 · EPSS 0.00304
Exploits 1 · References 4

NVD
added 2026/03/23 6:16 a.m. · 2 views

CVE-2026-4573

A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/formhandlers/deletepost.php of the component HTTP GET Parameter Handler. The manipulation of the argument postid leads to sql injection. It is possible to...

CVSS 6.5 · EPSS 0.00042
Exploits 0 · References 5

Positive Technologies
added 2026/03/23 12:0 a.m. · 1 view

PT-2026-27050

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple E-learning System version 1.0 Description: A security issue exists in SourceCodester Simple E-learning System 1.0. The issue is related to SQL injection within the /includes/form handlers/delete post.php file, specifically...

CVSS 6.5 · AI score 6.5 · EPSS 0.00042
Exploits 0 · References 9

Vulnrichment
added 2026/02/07 10:32 a.m. · 1 view

CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /deletepost.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...

CVSS 7.5 · AI score 5.5 · EPSS 0.00037
Exploits 1 · References 5

OSV
added 2026/02/03 10:16 p.m. · 2 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVSS 8.2 · AI score 5.9
Exploits 0 · References 3

CVE
added 2026/02/03 10:1 p.m. · 5 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

CVSS 8.8 · AI score 5.8 · EPSS 0.0013
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2026/01/05 4:32 a.m. · 2 views

CVE-2025-15457 bg5sbk MiniCMS Trash File Restore post.php improper authentication

A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The...

CVSS 7.5 · AI score 6.2 · EPSS 0.00241
Exploits 1 · References 4

EUVD
added 2025/12/19 3:31 p.m. · 1 view

EUVD-2025-204540

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /deletepost.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to t...

CVSS 7.5 · AI score 7.2 · EPSS 0.00028
Exploits 1 · References 7

OSV
added 2024/07/28 4:15 p.m. · 1 view

CVE-2024-7162

A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched...

CVSS 5.4 · AI score 3.8
Exploits 0 · References 4

CNNVD
added 2023/12/21 12:0 a.m. · 1 view

Automad Code Injection Vulnerability

Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...

CVSS 5.4 · AI score 6.2 · EPSS 0.00145
Exploits 1 · References 8

Positive Technologies
added 2022/11/01 12:0 a.m. · 1 view

PT-2022-24166 · WordPress · Events Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Events Calendar Plugin affected versions not specified Description: A vulnerability was found in the Events Calendar Plugin, affecting the file post.php of the component Event Handler. The manipulation of the title and body arguments leads to...

AI score 5.9
Exploits 0 · References 2

ATTACKERKB
added 2022/04/26 9:15 p.m. · 2 views

CVE-2022-28524

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...

CVSS 9.8 · AI score 7.2 · EPSS 0.00264
Exploits 0 · References 2

OSV
added 2022/04/26 9:15 p.m. · 0 views

CVE-2022-28524

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 1

OSV
added 2021/01/15 5:15 p.m. · 1 view

CVE-2020-35749

Directory traversal vulnerability in class-simplejobboardresumedownloadhandler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjbfile parameter to wp-admin/post.php...

CVSS 7.7 · AI score 7.2 · EPSS 0.77927
Exploits 7 · References 3

OSV
added 2018/12/14 8:29 p.m. · 1 view

DEBIAN-CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wpgetattachmentthumbfile function in wp-includes/post.php...

CVSS 9.8 · AI score 7.3 · EPSS 0.54862
Exploits 1 · References 1

OSV
added 2011/08/10 9:55 p.m. · 1 view

DEBIAN-CVE-2011-3128

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php...

CVSS 5 · AI score 6.5 · EPSS 0.01105
Exploits 0 · References 1