Lucene search
K

64 matches found

EUVD
EUVD
added 2026/03/24 12:30 p.m.7 views

EUVD-2019-20018

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19778

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.9 views

EUVD-2019-19806

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 4:16 p.m.3 views

CVE-2019-25524

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

9.1CVSS0.00393EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.7 views

CVE-2019-25524

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References2
CVE
CVE
added 2026/02/22 3:32 a.m.16 views

CVE-2026-2912

CVE-2026-2912 affects code-projects Online Reviewer System v1.0. The vulnerability is in /system/system/students/assessments/results/studentresult-view.php, where manipulating the test_id argument triggers SQL injection. Exploitation is remote, and public exploitation has been reported. Multiple ...

9.8CVSS7.2AI score0.0033EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/20 7:23 p.m.5 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

6.1CVSS5.9AI score0.00212EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/20 6:18 p.m.6 views

CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

6.1CVSS5.5AI score0.00212EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-47399

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00545EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/24 2:31 a.m.13 views

CVE-2024-6279 lahirudanushka School Management System Exam Results Page examresults-par.php sql injection

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file examresults-par.php of the component Exam Results Page. The manipulation of the argument sid leads to sql injection. The...

6.5CVSS7.3AI score0.00545EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.3 views

PT-2024-37507 · Unknown · Lahirudanushka School Management System

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue was found in the Exam Results Page component, specifically in the file examresults-par.php. The manipulation of the sid argument leads to SQL...

8.8CVSS7.1AI score0.00545EPSS
Exploits1References8
OSV
OSV
added 2024/01/04 9:30 p.m.5 views

GHSA-4MVM-XH8J-FV27 Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x2xw-hw8g-6773. This link is maintained to preserve external references. Original Description versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may ...

6.1CVSS5.9AI score0.005EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.4 views

PT-2023-30926 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the rno parameter of the "add results.php" resource does not validate the characters received, and they...

7.9AI score
Exploits0References3
HackRead
HackRead
added 2023/11/06 6:6 p.m.17 views

Google Launches Verification Badges for Security Tested VPN Apps

By Deeba Ahmed The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps. This is a post from HackRead.com Read the original post: Google Launches Verification Badges for Security Tested VPN Apps...

7.3AI score
Exploits0
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.87 views

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

0.9AI score
Exploits0References1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.4 views

Mahara 安全漏洞

Mahara is a free and open source Web-based electronic archive management system from Mahara. security vulnerabilities exist in versions prior to Mahara 20.10.5, 21.04.4, 21.10.2 and 22.04.0, which stem from the fact that sites in the application with isolated organizations are vulnerable to attac...

7.5CVSS5.5AI score0.00971EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.5 views

ICEcoder 跨站脚本漏洞

ICEcoder is a browser-based code editor that provides a modern approach to building websites. By allowing you to write code directly in your web browser. A security vulnerability exists in ICEcoder 8.0, which has been found to reflect an XSS vulnerability in the multi- results.php page due to...

5.4CVSS5.7AI score0.00859EPSS
Exploits1References3
OSV
OSV
added 2021/05/26 7:15 p.m.5 views

CVE-2018-10867

Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user...

9.1CVSS5.8AI score0.01069EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.5 views

PT-2021-8693 · Red Hat +1 · Redhat-Certification +1

Name of the Vulnerable Software and Affected Versions: redhat-certification version 7 Description: The issue allows files to be accessible without restrictions from the "/update/results" page, enabling an attacker to remove any file accessible by the apached user. A remote attacker could exploit...

9.1CVSS7.7AI score0.01069EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

Red Hat Certification 访问控制错误漏洞

Red Hat Certification is a software package from Red Hat USA. An access control error vulnerability exists in Redhat redhat-certification 7 that stems from the component not restricting access to files in the update results page. An attacker could exploit this vulnerability to delete any file...

9.1CVSS5.5AI score0.01069EPSS
Exploits0References2
Rows per page
Query Builder