CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

Github Security Blog•added 2022/05/14 1:53 a.m.•15 views

ThinkPHP SQLi Vulnerability

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

9.8CVSS7.9AI score0.0025EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/14 1:53 a.m.•15 views

GHSA-7XFJ-4JPG-58VF ThinkPHP SQLi Vulnerability

9.8CVSS9.9AI score0.0025EPSS

Exploits1References3

CNVD•added 2022/05/09 12:0 a.m.•17 views

arPHP cross-site scripting vulnerability

arPHP is a tool that enables Arabic web developers to provide search, presentation and processing of Arabic content in PHP. arPHP version 3.6.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in Query.php. ...

4.3CVSS2.9AI score0.0024EPSS

Exploits0Affected Software1

NVD•added 2022/05/04 2:15 p.m.•5 views

CVE-2022-28081

A reflected cross-site scripting XSS vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...

6.1CVSS0.0024EPSS

Exploits0References1

Prion•added 2022/05/04 2:15 p.m.•10 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...

4.3CVSS6AI score0.0024EPSS

Exploits0References1Affected Software1

CVE•added 2022/05/04 1:11 p.m.•67 views

CVE-2022-28081

The CVE-2022-28081 entry concerns a reflected XSS vulnerability in the arPHP software, specifically in the Query.php component of arPHP v3.6.0 . According to connected sources, the issue arises from improper handling of user-supplied data (lack of data validation and unsafe output in Query.php), ...

6.1CVSS5.9AI score0.0024EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/04 1:11 p.m.•12 views

CVE-2022-28081

A reflected cross-site scripting XSS vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...

6.1AI score0.0024EPSS

Exploits0References1

Prion•added 2019/01/17 2:29 a.m.•11 views

Sql injection

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component...

5CVSS8AI score0.00289EPSS

Exploits1References2Affected Software1

NVD•added 2019/01/17 2:29 a.m.•8 views

CVE-2018-20730

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component...

7.5CVSS8AI score0.00289EPSS

Exploits1References2

OSV•added 2019/01/17 2:29 a.m.•0 views

CVE-2018-20730

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component...

7.5CVSS6.1AI score

Exploits0References2

Cvelist•added 2019/01/17 2:0 a.m.•12 views

CVE-2018-20730

A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component...

8.3AI score0.00289EPSS

Exploits1References2

NVD•added 2018/10/19 8:29 p.m.•11 views

CVE-2018-18530

9.8CVSS9.9AI score0.0025EPSS

Exploits1References1

Prion•added 2018/10/19 8:29 p.m.•10 views

Sql injection

7.5CVSS9.8AI score0.0025EPSS

Exploits1References1Affected Software1

OSV•added 2018/10/19 8:29 p.m.•10 views

CVE-2018-18530

9.8CVSS8.5AI score

Exploits0References1

Cvelist•added 2018/10/19 8:0 p.m.•12 views

CVE-2018-18530

10AI score0.0025EPSS

Exploits1References1

Prion•added 2017/01/30 4:59 a.m.•15 views

Sql injection

SQL injection vulnerability in wp-includes/class-wp-query.php in WPQuery in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name...

7.5CVSS9.7AI score0.12378EPSS

Exploits0References9Affected Software3

Openbugbounty•added 2016/11/13 5:38 a.m.•10 views

growingring.byethost10.com XSS vulnerability

Vulnerable URL: http://growingring.byethost10.com/query.php?callback=prompt/OPENBUGBOUNTY/...

6.9AI score

Exploits0

seebug.org•added 2014/07/01 12:0 a.m.•12 views

phpBugTracker 0.9 query.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the...

7.1AI score

Exploits0

Packet Storm•added 2012/04/05 12:0 a.m.•19 views

idev-DigiVendor 5.0 Cross Site Request Forgery

Exploit Title: idev-DigiVendor 5.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-digivendor/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com ShowHide...

0.5AI score

Exploits0

Packet Storm•added 2012/04/05 12:0 a.m.•17 views

idev-Blog 1.0 Cross Site Request Forgery

Exploit Title: idev-Blog 1.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-blog/admin/ Greetz: Inj3ct0r Exploit DataBase 1337day.com...

0.8AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by