CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page...

4.8CVSS0.00112EPSS

Exploits1References2

Vulnrichment•added 2024/08/27 12:0 a.m.•15 views

CVE-2022-39996

Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page...

5.8AI score0.00112EPSS

Exploits1References2

CVE•added 2024/08/27 12:0 a.m.•50 views

CVE-2022-39996

The CVE-2022-39996 entry covers a Cross-Site Scripting vulnerability in Teldat RS123 and RS123w routers. Affected component: the upgrade/query.php page, exploitable via the cmdcookie parameter to cause arbitrary code execution. Official descriptions consistently identify XSS as the impact, with a...

4.8CVSS7AI score0.00112EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/03/14 2:33 p.m.•15 views

CVE-2023-1395 SourceCodester Yoga Class Registration System list.php query cross site scripting

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated...

4CVSS6.2AI score0.0025EPSS

Exploits1References3

Veracode•added 2023/01/30 9:11 a.m.•19 views

SQL Injection

CakePHP is vulnerable to SQL Injection attacks. The vulnerability exists in limit and offset functions of Query.php due to unsantized user input which allows an attacker to inject and execute arbitrary SQL queries...

9.8CVSS9.8AI score0.0093EPSS

Exploits0References9Affected Software2

Veracode•added 2023/01/29 1:32 p.m.•16 views

SQL Injection

liftkit/database is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the processOrderBy function in Query.php allows a malicious user to inject and execute arbitrary SQL queries on the target system...

9.8CVSS4.1AI score0.00353EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2023/01/16 12:30 p.m.•19 views

SQL Injection in liftkit/database

A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is...

9.8CVSS4.2AI score0.00353EPSS

Exploits0References6Affected Software1

OSV•added 2023/01/16 12:30 p.m.•14 views

GHSA-8HCF-2M4V-F2RQ SQL Injection in liftkit/database

9.8CVSS7.8AI score0.00353EPSS

Exploits0References6

NVD•added 2023/01/16 11:15 a.m.•9 views

CVE-2016-15020

9.8CVSS6.9AI score0.00353EPSS

Exploits0References4

Prion•added 2023/01/16 11:15 a.m.•8 views

Sql injection

7.5CVSS7.8AI score0.00353EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2023/01/16 10:58 a.m.•9 views

CVE-2016-15020 liftkit database Query.php processOrderBy sql injection

5.5CVSS7.4AI score0.00353EPSS

Exploits0References4

CNVD•added 2022/10/11 12:0 a.m.•25 views

phpIPAM header injection vulnerability

phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM version 1.5.0 is vulnerable to header injection, which stems from a lack of validation of input data in component/admin/subnets/ripe-query.php, and can be exploited by attackers to cause header injection...

9.8CVSS3.2AI score0.01569EPSS

Exploits1References1

OpenVAS•added 2022/10/04 12:0 a.m.•19 views

phpIPAM <= 1.5.2 SSRF Vulnerability

phpIPAM is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.7AI score0.01569EPSS

Exploits1References1

OSV•added 2022/10/03 4:15 p.m.•8 views

CVE-2022-41443

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...

9.8CVSS7.6AI score0.01569EPSS

Exploits1References1

Prion•added 2022/10/03 4:15 p.m.•10 views

Design/Logic Flaw

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...

7.5CVSS9.6AI score0.01569EPSS

Exploits1References1Affected Software1