91 matches found
CVE-2021-25877
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php...
CVE-2021-25877
AVideo/YouPHPTube 10.0 and earlier is affected by an insecure file write vulnerability. An administrator-privileged user can write arbitrary files on the filesystem via the save.php file using flag and code variables. Documented impact is ability to write files on the server filesystem, enabli...
YouPHPTube Code Injection Vulnerability
YouPHPTube is a PHP-based video website system. YouPHPTube has a security vulnerability that stems from an administrator-privileged user being able to write files on the file system using the flag and code variables in the file save.php...
CVE-2021-32104
A SQL injection vulnerability exists with user privileges in interface/forms/eyemag/save.php in OpenEMR 5.0.2.1...
SQL injection
A SQL injection vulnerability exists with user privileges in interface/forms/eyemag/save.php in OpenEMR 5.0.2.1...
SQL injection
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'displayname' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
WebsiteBaker 2.12.2 SQL Injection
Exploit Title: WebsiteBaker 2.12.2 - 'displayname' SQL Injection authenticated Google Dork: - Date: 2020-09-20 Exploit Author: Roel van Beurden Vendor Homepage: https://websitebaker.org Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Version: 2.12.2 Tested on: Linux Ubuntu 18.0...
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...
CVE-2019-14529
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eyemag/save.php...
SQL injection
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eyemag/save.php...
Laravel SQL Injection Vulnerability
Laravel Framework is a PHP-based web application development framework developed by Taylor Otwell Software Developers. A SQL injection vulnerability exists in the save.php file in Laravel version 5.4.15. The vulnerability can be exploited by a remote attacker to execute arbitrary SQL commands wit...
SQL injection
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhxuser and dhxversion parameters...
CVE-2018-6330
Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhxuser and dhxversion parameters...
CVE-2018-19168
Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...
CVE-2018-13024
MetInfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...
CVE-2018-13024
MetInfo v6.0.0 is affected by a remote code execution vulnerability that allows an attacker to write PHP code to a file via the module parameter to admin/column/save.php in an editor upload action. Affected component: MetInfo CMS, version 6.0.0. The underlying issue is the ability to write to a ....
Cross-site scripting
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter...