10 matches found
PT-2025-30425 · Code Projects · Food Ordering Review System
Name of the Vulnerable Software and Affected Versions: code-projects Food Ordering Review System version 1.0 Description: A critical vulnerability exists in an unknown functionality of the file /user/reservation page.php. Manipulation of the argument reg Id leads to a SQL injection. The attack ca...
PT-2025-37304
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 versions 5.0 and earlier Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, potentially allowing an attacker to inject unexpected arguments into the smartctl command. This can...
CVE-2023-1419
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
EventPrime < 3.1.6 - Reflected XSS
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Command injection
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections,...
GHSA-JFF2-QJW8-5476 Command Injection Vulnerability in systeminformation
Impact command injection vulnerability Patches Problem was fixed with a parameter check. Please upgrade to version = 5.6.4 Workarounds If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency, si.inetChecksite, si.services, si.processLoad ... do onl...
DEBIAN-CVE-2021-21315
The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...
Protect
Failure to sanitize the error or message handling parameters in the SSL VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) attack...
Shopify: POST-based XSS on apps.shopify.com
Hello Shopify team! I found a post-based XSS which may be shared to other users and occurs in firefox, IE, Edge. How to reproduce: 1. at partners.shopify.com go to apps - choose one - more actions - create shopify app store listing 2. you will get redirected to url with ?signature parameter. Full...
blog12SQL.txt
Blog System v1.2 http://www.netartmedia.net/blogsystem/ is vulnerable to 2 SQL injection vulnerabilities for failure to correctly sanitize SQL parameters. http://HOST/index.php?mode=home&cat=-99SQL CODE http://HOST/blog.php?user=USER&note=-99SQL CODE...