29 matches found
PT-2026-30563
A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed equip report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the attack remotel...
CVE-2025-57529
YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...
CVE-2025-15435
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...
CVE-2025-15436
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/workedit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15436
CVE-2025-15436 affects Yonyou KSOA 9.0. The issue lies in the file /worksheet/work_edit.jsp where manipulating the Report argument enables SQL injection. It can be exploited remotely, with the exploit publicly disclosed and vendor contact attempts noted as unaddressed. Multiple sources (NVD, Red ...
CVE-2025-15436 Yonyou KSOA work_edit.jsp sql injection
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/workedit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may b...
CVE-2025-15435
CVE-2025-15435 affects Yonyou KSOA 9.0. The vulnerability is an SQL injection in an unknown functionality of file /worksheet/work_update.jsp, triggered by manipulating the Report argument. The attack can be initiated remotely and an exploit has been published; vendor response is not provided. Con...
PT-2026-1059
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the Report argument within the file /worksheet/work edit.jsp. This allows for remote attacks. The exploit details have been publicly...
Yonyou KSOA SQL Injection Vulnerability
Yonyou KSOA is an enterprise-level management software from China's UFIDA Yonyou Corporation. A SQL injection vulnerability exists in Yonyou KSOA version 9.0; it originates from incorrect manipulation of the parameter Report in the file /worksheet/workedit.jsp, which could lead to a SQL...
PT-2026-1056
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A flaw exists in Yonyou KSOA 9.0 related to the file '/worksheet/work update.jsp'. Manipulation of the Report argument in this file can lead to SQL injection. The attack can be initiated remotely. An exploit...
EUVD-2014-0855
Malware in sbrugna...
CVE-2021-30055
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'paryear' parameter when running a report...
Koha Operating System Command Injection Vulnerability
Koha is the Koha organization's automated library administration system. A security vulnerability exists in Koha versions prior to 24.11.02, which stems from an administrator being able to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter...
CVE-2024-33972
CVE-2024-33972 concerns a SQL injection in PayPal, Credit Card and Debit Card Payment version 1.0 (janobe). The vulnerability is triggered via a crafted query in the /report/event_print.php endpoint, specifically via the 'events' parameter, enabling retrieval of stored information. The public doc...
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report...
PT-2024-12632 · Hcl · Hcl Bigfix Platform
Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform (affected versions not specified). Description: A cross-site scripting (XSS) vulnerability in the Web Reports component can possibly allow an attack to exploit an application parameter during execution of the Save Report...
CVE-2023-0100
A flaw was found in Eclipse BIRT, where the default configuration allowed retrieval of a report from the same host using an absolute HTTP path for the report parameter (for example, report=http://xyz.com/report.rptdesign). The report would be retrieved if the host indicated in the report parameter...
PT-2023-2201 · Eclipse · Eclipse Birt
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 2.6.2 through 4.12. Description: The issue is related to insufficient input validation when processing host headers with the report parameter. This could allow a remote attacker to gain unauthorized access to protected...
CVE-2023-27641
The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL...
PT-2023-21277 · L Soft · Listserv
Name of the Vulnerable Software and Affected Versions: L-Soft LISTSERV versions 16.5 through 16.5. Description: The issue allows an attacker to conduct XSS attacks via a crafted URL, specifically exploiting the REPORT parameter in wa.exe. Recommendations: For versions 16.5, update to version 17 or...