16 matches found

CNNVD
added 2026/05/24 12:0 a.m. · 3 views

TOTOLINK A8000RU Operating System Command Injection Vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains an operating system command injection vulnerability. This vulnerability stems from improper handling of the provider parameter in the setDdnsCfg function of the...

CVSS 10 · AI score 7.3 · EPSS 0.01254
Exploits 0 · References 5
CNVD
added 2026/04/24 12:0 a.m. · 1 views

TOTOLINK A3300R provider parameter command injection vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R provider parameter, which can be exploited by an attacker to execute arbitrary commands by sending a malicious request to the parameter...

CVSS 6.5 · AI score 6 · EPSS 0.00285
Exploits 1
EUVD
added 2026/04/23 6:33 p.m. · 3 views

EUVD-2026-25241

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 · AI score 6.1 · EPSS 0.00285
Exploits 1 · References 2
NVD
added 2026/04/23 6:16 p.m. · 2 views

CVE-2026-31160

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 · EPSS 0.00285
Exploits 1 · References 1
CVE
added 2026/04/23 12:0 a.m. · 5 views

CVE-2026-31160

CVE-2026-31160: Affected product is ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a remote command-execution flaw exploitable via the provider parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (NVD, CVE List, EUVD, etc.). The root cause is the handling o...

CVSS 6.5 · AI score 6.1 · EPSS 0.00285
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2026/04/23 12:0 a.m. · 2 views

CVE-2026-31160

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

AI score 6.1 · EPSS 0.00285
Exploits 1 · References 1
CNNVD
added 2026/04/23 12:0 a.m. · 4 views

TOTOLINK A3300R Command Injection Vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R provider parameter, which can be exploited by an attacker to execute arbitrary commands by sending a malicious request to the parameter...

CVSS 6.5 · AI score 6 · EPSS 0.00285
Exploits 1 · References 1
Positive Technologies
added 2026/04/23 12:0 a.m. · 2 views

PT-2026-34671

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 · AI score 6.1 · EPSS 0.00285
Exploits 1 · References 2
CNNVD
added 2026/04/06 12:0 a.m. · 3 views

TOTOLINK A7100RU Operating System Command Injection Vulnerability

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “provider” in the file...

CVSS 7.5 · AI score 7.1 · EPSS 0.01153
Exploits 0 · References 6
OSV
added 2021/11/15 4:15 p.m. · 2 views

CVE-2021-41950

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

CVSS 9.1 · AI score 7.5 · EPSS 0.32263
Exploits 1 · References 2
CNNVD
added 2021/11/15 12:0 a.m. · 2 views

Montala ResourceSpace Path Traversal Vulnerability

ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A directory traversal vulnerability exists in ResourceSpace. An attacker could exploit the vulnerability to delete arbitrary files on the ResourceSpace server via the provider and variant...

CVSS 9.1 · AI score 5.9 · EPSS 0.32263
Exploits 1 · References 3
Positive Technologies
added 2021/11/15 12:0 a.m. · 2 views

PT-2021-23456 · Unknown · Resourcespace

Name of the Vulnerable Software and Affected Versions: ResourceSpace versions 9.6 through 9.6 rev 18277
Description: A directory traversal issue allows remote unauthenticated attackers to delete arbitrary files on the server via the provider and variant parameters in "pages/ajax/tiles.php"...

CVSS 9.1 · AI score 9.2 · EPSS 0.32263
Exploits 1 · References 5
CNVD
added 2017/12/15 12:0 a.m. · 1 views

FS Gigs Script SQL Injection Vulnerability

FS Gigs Script is an online free market creation software based on PHP and MySQL. A SQL injection vulnerability exists in FS Gigs Script version 1.0. A remote attacker can inject SQL commands by sending the 'sc' parameter to the browse-category.php file or the 'ser' parameter to the...

CVSS 9.8 · AI score 8.5 · EPSS 0.02377
Exploits 1 · References 1
OSV
added 2017/12/13 9:29 a.m. · 2 views

CVE-2017-17576

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2
OSV
added 2017/10/29 6:29 a.m. · 2 views

CVE-2017-15963

iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2
Prion
added 2008/01/03 11:46 p.m. · 8 views

Directory traversal

Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selectedprovider parameter...

CVSS 6.8 · AI score 7.7 · EPSS 0.03368
Exploits 1 · References 6 · Affected Software 1