PT-2025-31531 · Undefined · Undefined

An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...

PT-2022-7390

Name of the Vulnerable Software and Affected Versions Bitrix versions prior to 7.5.0 Description The issue is related to the unrestricted upload of dangerous file types in the "1C-Bitrix: Virtual Machine" VMBitrix virtual server. This can be exploited by a remote attacker to execute arbitrary cod...

CVE-2012-4251

The CVE-2012-4251 entry corresponds to multiple XSS vulnerabilities in MySQLDumper 1.24.4. Reported affected vectors include index.php (page param), install.php (phase param), sql.php (tablename or dbid params), and restore.php (filename param) within learn/cubemail/. The connected sources confir...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InterWorx Hosting Control Panel InterWorx-CP Webmaster Level SiteWorx 3.0.2 1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or HT...

Eskolar CMS 0.9.0.0 - Blind SQL Injection

Eskolar CMS 0.9.0.0 - Blind SQL Injection ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...