19 matches found
PluXML 5.8.7 Cross Site Scripting
Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field...
CVE-2021-38603
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field. Recent assessments: nu11secur1ty at August 13, 2021 11:57am UTC reported: Link: Vulnerability parameter in profil.php “idcontent” NOTE: The same problem is in the demo account in the online version Proof: Assessed...
PluXml Cross-Site Scripting Vulnerability
PluXml is a free and open source content management system that does not require a database to work. A cross-site scripting vulnerability exists in PluXML, which stems from the core/admin/profil.php page allowing stored XSS via the Information field...
CVE-2010-4619
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti aka Mafia Game Script allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-4619
CVE-2010-4619 describes an SQL injection in profil.php of Mafya Oyun Scrpti (aka Mafia Game Script), exploitable via the id parameter to allow remote execution of arbitrary SQL commands. This entry is corroborated by multiple sources (NVD/NVD mirrors, CVE lists). No explicit patch/version details...
CVE-2010-1071
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-0948
CVE-2010-0948 affects Bigforum 4.5 in the profil.php script. The vulnerability is a SQL injection in the id parameter when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL commands. Documented impact is partial confidentiality/integrity/availability. The OpenVAS en...
SQL injection
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter...
CVE-2008-5215
ClanLite has an SQL injection vulnerability (CVE-2008-5215) in service/profil.php of version 2.2006.05.20 that allows remote attackers to inject arbitrary SQL via the link parameter. Public references indicate exploitation activity exists (e.g., exploit-db, X-Force). Root cause is unsafe handling...
SQL injection
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the affnewsform parameter, a different vulnerability than CVE-2005-1509...
CVE-2005-1508
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mblettre or (7) lettre...
CVE-2005-1508
PWSPHP (Portail Web System) is affected by cross-site scripting (XSS) in version 1.2.2 due to insufficient input validation in multiple modules/parameters (e.g., news, stats, profil.php, memberlist, recherche) and specifically the SettingsBase.php skin parameter per the NASL entry. The vulnerabil...
CVE-2005-1508
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mblettre or (7) lettre...
CVE-2005-1509
SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-1509
The CVE-2005-1509 entry describes an SQL injection in profil.php of PwsPHP 1.2.2, exploitable via the id parameter. This relates to a vulnerability in the profiling page that allows remote attackers to execute arbitrary SQL commands. The NVD entry assigns a CVSS v2 base score of 7.5 (HIGH, networ...
PWSPHP 1.1/1.2 - 'Profil.php' SQL Injection
source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...
PWSPHP 1.11.2 - Profil.php SQL Injection
PWSPHP 1.11.2 - Profil.php SQL Injection source: https://www.securityfocus.com/bid/13563/info PwsPHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...