106 matches found
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
CVE-2019-25509
CVE-2019-25509 affects XooDigital Latest, where an SQL injection vulnerability in the results.php endpoint allows unauthenticated attackers to inject SQL via the 'p' parameter and manipulate database queries to extract sensitive information. All documented details describe the vulnerability as un...
CVE-2019-25509 XooDigital Lastest Latest SQL Injection via results.php
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
PT-2026-24969
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
PT-2026-24984
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2018-9328
PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the terfrom or tag parameter to results.php...
CVE-2019-20336
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS...
CVE-2019-7554
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter...
CVE-2025-13546
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...
CVE-2025-13546
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...
CVE-2025-13546
CVE-2025-13546 concerns a SQL injection in the Travel Agency app by Ashraf Kabir. The vulnerability affects the file /results.php in the Search component, stemming from manipulation of the argument (user_query or user query) which enables remote exploitation. Public exploit activity is indicated ...
Travel Agency SQL注入漏洞
Travel Agency is a travel management website by Ashraf Kabir, an individual developer. Travel Agency suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter userquery in the file /results.php, which could lead to SQL injection...
PT-2025-47838
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user query results in sql injection. The attack can be...
EUVD-2019-10889
Malware in sbrugna...
EUVD-2019-17093
Malware in sbrugna...
EUVD-2005-3740
Malware in sbrugna...
CVE-2024-30927
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component...