CVE-2026-1149

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...

CVE-2026-1149

CVE-2026-1149 affects Totolink LR350; the flaw is in the POST Request Handler’s /cgi-bin/cstecgi.cgi, in the setDiagnosisCfg function. Crafted input to the ip argument enables remote command injection. Exploit is publicly available and could be used, per sources. Affected version: 9.3.5u.6369_B20...

CVE-2023-4559

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api=user=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be...

Sangfor Operation and Maintenance Management System 操作系统命令注入漏洞

Sangfor Operation and Maintenance Management System is an operation and maintenance management system from China's Sangfor. An OS command injection vulnerability exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which stems from incorrect manipulation of th...

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

CVE-2024-2271

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...

CVE-2025-15215

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...

CVE-2025-15217

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely...

CVE-2025-15132 ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open command injection

A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2apiopen of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

CVE-2025-14107

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

CVE-2025-14107 ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safedir results in command injection. The...

CVE-2025-12326

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

CVE-2025-12326

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

CVE-2025-12326

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

CVE-2025-12326 shawon100 RUET OJ POST Request process.php sql injection

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

EUVD-2025-36349

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

CVE-2025-12326

CVE-2025-12326 concerns shawon100 RUET OJ prior to or up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5, with a SQL injection in the POST Request Handler’s file /process.php. The vulnerability is triggered by manipulating the un parameter, allowing remote exploitation. Public exploits have be...

PT-2025-44045

Name of the Vulnerable Software and Affected Versions shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 Description A SQL injection issue exists in the POST Request Handler component of shawon100 RUET OJ. The issue is located in the file /process.php and is triggered by manipulatin...

CVE-2025-11272

A vulnerability has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is...