12 matches found

OSV
added 2025/12/31 5:15 p.m., 1 view

CVE-2019-25262

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

3.5 CVSS, 5.4 AI score
Exploits: 0, References: 3
NVD
added 2025/12/31 5:15 p.m., 2 views

CVE-2019-25262

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

5.1 CVSS, 0.00019 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/31 12:0 a.m., 1 view

PT-2025-54400

A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads to cross site scripting. The attack may b...

5.1 CVSS, 3.6 AI score, 0.00019 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/12/15 8:28 p.m., 1 view

CVE-2023-53872 Wp2Fac 1.0 OS Command Injection via send.php Endpoint

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code...

9.3 CVSS, 8 AI score, 0.00413 EPSS
Exploits: 0, References: 3
CVE
added 2025/12/15 8:28 p.m., 6 views

CVE-2023-53872

Wp2Fac 1.0 has an OS command injection vulnerability in the send.php endpoint. The vulnerability allows remote attackers to execute arbitrary system commands by injecting shell commands through the numara parameter (using & to chain commands). Impact is described as high for confidentiality, inte...

9.3 CVSS, 8 AI score, 0.00413 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 2 views

PT-2025-51290

Name of the Vulnerable Software and Affected Versions: Wp2Fac version 1.0. Description: The software contains an OS command injection issue in the send.php endpoint. This allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands throug...

9.3 CVSS, 8.1 AI score, 0.00413 EPSS
Exploits: 0, References: 7
CNNVD
added 2024/03/18 12:0 a.m., 1 view

AMSS++ SQL Injection Vulnerability

AMSS++ is a tool for the office management support system of Amssplus. An SQL injection vulnerability exists in AMSS++ version 4.31, which stems from an SQL injection vulnerability in the sdindex parameter of the /amssplus/modules/book/main/selectsend2.php page...

8.2 CVSS, 8 AI score, 0.00048 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/11/15 12:0 a.m., 3 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Orders CSV, Excel Export PRO before v5.0, which originates from an SQL...

8.8 CVSS, 8 AI score, 0.00069 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2023/09/20 9:15 p.m., 0 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7.5 CVSS, 5.8 AI score, 0.77217 EPSS
Exploits: 1, References: 5
CNNVD
added 2021/11/24 12:0 a.m., 4 views

GLPI Path Traversal Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

9.1 CVSS, 7.3 AI score, 0.90401 EPSS
Exploits: 2, References: 5
OSV
added 2020/10/07 7:15 p.m., 0 views

UBUNTU-CVE-2020-15175

In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...

9.1 CVSS, 7.3 AI score, 0.37193 EPSS
Exploits: 1, References: 3
CNVD
added 2017/09/14 12:0 a.m., 3 views

D-Link DIR-850L REV.B Privilege Acquisition Vulnerability (CNVD-2017-31792)

The D-Link DIR-850L REV.B is a wireless router from AUO D-Link. A security vulnerability exists in the registersend.php file in D-Link DIR-850L REV.B devices using firmware FW208WWb02 and prior versions, which stems from the program failing to require authentication. An attacker could exploit the...

9.8 CVSS, 9.2 AI score, 0.00691 EPSS
Exploits: 1, References: 1