106793 matches found
CVE-2026-32139
DataEase is an open-source data visualization tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. Backend validation only checks that the XML is parseable and that the root node is svg, and does not sanitize active content (e.g., onload/onerror event ha...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
Mirth Connect PoC Script Simple Python script for security re...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
Usages: python3 ex...
CVE-2019-25523
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
CVE-2019-25517
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...
CVE-2019-25535 Netartmedia PHP Dating Site SQL Injection via loginaction.php
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...
CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 Authentication Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
CVE-2019-25520
CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. It describes an authentication bypass in the admin panel caused by improper SQL query validation in admingiris.php login handling, allowing unauthenticated access via SQL payloads in username/password fields. References indicate av...
CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...
CVE-2019-25517
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...
CVE-2019-25516
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galleryid parameter. Attackers can send GET requests to gallery.php with malicious galleryid values using...
CVE-2019-25515 Jettweb PHP Hazir Haber Sitesi Scripti V3 Authentication Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...
CVE-2019-25515
The CVE-2019-25515 entry describes an authentication bypass in Jettweb PHP Hazir Haber Sitesi Scripti V3’s login.php, allowing unauthenticated attackers to gain admin access by submitting crafted SQL syntax (e.g., equals signs and 'or' operators) in username/password fields. This results in an un...
CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...
CVE-2019-25513
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind...
CVE-2019-25512 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...
CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
CVE-2019-25482
CVE-2019-25482 affects the Jettweb PHP Hazir Rent A Car Sitesi Scripti V2. The vulnerability is an SQL injection in the arac_kategori_id parameter that allows unauthenticated attackers to manipulate database queries and extract sensitive information via POST requests to the vulnerable endpoint. T...
CVE-2019-25482
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...
CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 SQL Injection
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...