63 matches found
CVE-2022-27245
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF...
CVE-2019-12939
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the pextrse parameter...
EUVD-2006-3744
Malware in sbrugna...
EUVD-2018-9143
Malware in sbrugna...
EUVD-2019-4515
Malware in sbrugna...
CVE-2025-7102 BoyunCMS Server.php SQL injection
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to SQL injection. The attack can be initiated remotely. The exploit has...
BoyunCMS security vulnerability
BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter phone in the file application/update/controller/Server.php, which may lead to SQL...
PT-2025-28097 · Boyuncms · Boyuncms
Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue has been identified, affecting the file application/update/controller/Server.php. The manipulation of the phone argument leads to SQL injection. This issue can be exploited remotely...
Remote Code Execution (RCE)
angular-base64-upload is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a lack of proper access controls in demo/server.php, allowing attackers to upload arbitrary content, which can then be executed from demo/uploads...
CVE-2021-26293
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Directory traversal
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Privilege Escalation
WordPress is vulnerable to privilege escalation. XML-RPC allows an unprivileged user to comment on a post because wp-includes/class-wp-xmlrpc-server.php does not enforce the permission that restricts it...
SQL injection
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php...
CVE-2019-15555
The CVE-2019-15555 entry concerns FredReinink Wellness-app. Multiple connected sources specify an SQL injection vulnerability affecting the Wellness-app before 2019-06-19, related to PHP scripts dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php. The issue enables potentially ...
CVE-2019-15555
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php...
CVE-2018-17389
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account...
Cross-site request forgery (CSRF)
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account...
CVE-2018-17389
CVE-2018-17389 describes a CSRF flaw in the Live Call Support Application version 1.5, specifically in server.php, that allows adding an admin account. The root cause is a Cross-Site Request Forgery vulnerability that can enable unauthorized admin account creation without user interaction beyond ...