16 matches found

CNVD
added 2025/11/11 12:0 a.m. · 1 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31065)

Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ztp_search_value...

CVSS 9.3 · AI score 8.8 · EPSS 0.00374
Exploits: 0 · References: 1
CVE
added 2025/11/06 7:58 p.m. · 7 views

CVE-2022-50595

Advantech iView prior to v5.7.04 build 6425 is affected. The SNMP management tool exposes a SQL injection in the ztp_search_value parameter of the NetworkServlet, enabling remote attackers to bypass authentication and achieve remote code execution with administrator privileges. Root cause cited a...

CVSS 9.3 · AI score 8.8 · EPSS 0.00374
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2025/11/06 7:58 p.m. · 3 views

CVE-2022-50595 Advantech iView < v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful...

CVSS 9.3 · AI score 8.8 · EPSS 0.00374
Exploits: 0 · References: 3
Positive Technologies
added 2025/11/06 12:0 a.m. · 3 views

PT-2025-45370

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successfu...

CVSS 9.3 · AI score 9.2 · EPSS 0.00374
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/23 8:15 a.m. · 2 views

CVE-2024-9350

The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.6 · EPSS 0.02566
Exploits: 0 · References: 1
OSV
added 2024/10/18 5:15 a.m. · 0 views

CVE-2024-9350

The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchvalue' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 5.9 · EPSS 0.02566
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-39585 · WordPress · Dpd Baltic Shipping

Name of the Vulnerable Software and Affected Versions: DPD Baltic Shipping plugin for WordPress versions up to, and including, 1.2.83 Description: The issue is related to Reflected Cross-Site Scripting via the search value parameter due to insufficient input sanitization and output escaping. This...

CVSS 6.1 · AI score 6.8 · EPSS 0.02566
Exploits: 0 · References: 7
OSV
added 2024/07/12 9:15 a.m. · 1 views

CVE-2024-6353

The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'searchvalue' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 4
Patchstack
added 2024/07/12 6:46 a.m. · 2 views

WordPress Wallet for WooCommerce plugin <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' vulnerability

Authenticated (Subscriber+) SQL Injection via 'searchvalue' vulnerability discovered by 1337Wannabe in WordPress Plugin TeraWallet – For WooCommerce versions <= 1.5.4...

CVSS 8.8 · AI score 8.1 · EPSS 0.0045
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2022/10/31 8:15 p.m. · 16 views

Sql injection

Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue' parameter in the...

CVSS 4 · AI score 6.7 · EPSS 0.00111
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2022/10/31 12:0 a.m. · 1 views

Forma Learning Management System SQL Injection Vulnerability

Forma Learning Management System (LMS) is a Learning Management System (LMS). Forma Learning Management System 3.1.0 and earlier versions suffer from a SQL injection vulnerability that can be exploited to perform SQL injection on the appLms/ajax.server.php?r=mycertificate/getMyCertificates function's...

CVSS 7.6 · AI score 6.8 · EPSS 0.00111
Exploits: 0 · References: 2
OSV
added 2018/09/17 4:29 a.m. · 1 views

CVE-2018-17110

Simple POS 4.0.24 allows SQL Injection via a products/getproducts/ columns0searchvalue parameter in the management panel, as demonstrated by products/getproducts/1...

CVSS 9.8 · AI score 5.8 · EPSS 0.00292
Exploits: 1 · References: 1
OSV
added 2018/02/17 7:29 a.m. · 1 views

CVE-2018-5987

SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pinid or userid parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVa...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2014/08/12 11:55 p.m. · 5 views

CVE-2014-5202

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...

CVSS 3.5 · AI score 5.4 · EPSS 0.00139
Exploits: 1 · References: 3
Prion
added 2014/08/12 11:55 p.m. · 6 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...

CVSS 3.5 · AI score 5.8 · EPSS 0.00139
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2014/08/12 11:0 p.m. · 20 views

CVE-2014-5202

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter...

AI score 5.4 · EPSS 0.00139
Exploits: 1 · References: 3