18 matches found

OSV
added 2025/12/30 11:15 p.m., 1 view

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8 CVSS, 6.1 AI score
Exploits: 0, References: 5
NVD
added 2025/12/30 11:15 p.m., 3 views

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8 CVSS, 0.00557 EPSS
Exploits: 2, References: 5
Vulnrichment
added 2025/12/30 10:41 p.m., 4 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8 CVSS, 7.7 AI score, 0.00557 EPSS
Exploits: 2, References: 5
Cvelist
added 2025/12/30 10:41 p.m., 21 views

CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...

8.8 CVSS, 0.00557 EPSS
Exploits: 2, References: 5
Positive Technologies
added 2025/12/30 12:00 a.m., 3 views

PT-2025-54241

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier. Description: The software contains an authenticated command injection issue in the www-data-handler.php script. Attackers can inject system commands through the services POST parameter...

8.8 CVSS, 7.8 AI score, 0.00557 EPSS
Exploits: 2, References: 8
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-29154

Malicious code in bioql PyPI...

8.8 CVSS, 6.6 AI score, 0.00058 EPSS
Exploits: 1, References: 6
NVD
added 2025/09/15 6:15 a.m., 1 view

CVE-2025-10429

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument dropservices results in SQL injection. The attack can be launched remotely. The...

8.8 CVSS, 0.00058 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2025/09/15 6:02 a.m., 3 views

CVE-2025-10429 SourceCodester Pet Grooming Management Software ajax_product.php SQL injection

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument dropservices results in SQL injection. The attack can be launched remotely. The...

6.5 CVSS, 6.4 AI score, 0.00058 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2025/09/15 12:00 a.m., 1 view

PT-2025-37453

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The vulnerability is located in an unknown functionality within the /admin/ajax...

8.8 CVSS, 6.6 AI score, 0.00058 EPSS
Exploits: 1, References: 9
RedhatCVE
added 2025/05/23 9:19 a.m., 0 views

CVE-2024-36840

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to newsdetails.php and locationdetails.php; and the section parameter to services.php...

9.1 CVSS, 7.6 AI score, 0.11554 EPSS
Exploits: 3, References: 1
Veracode
added 2025/01/09 4:32 a.m., 7 views

Unauthorized Access

Apache NiFi is vulnerable to Unauthorized Access. The vulnerability is due to missing fine-grained authorization checks during Process Group creation, allowing attackers to access Parameter Contexts, Controller Services, and Parameter Providers without proper permissions...

5.4 CVSS, 6.7 AI score, 0.37606 EPSS
Exploits: 0, References: 5, Affected Software: 7
CNNVD
added 2024/10/25 12:00 a.m., 0 views

Petrol Pump Management Software security vulnerability

Petrol Pump Management Software is a gasoline pump management software by individual developer mayurik. A security vulnerability exists in Petrol Pump Management Software version 1.0, which originates from an SQL injection vulnerability contained in the dropservices parameter in the...

7.5 CVSS, 7 AI score, 0.0016 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2024/06/12 12:00 a.m., 2 views

PT-2024-27176 · Unknown · Boelter Blue System Management

Name of the Vulnerable Software and Affected Versions: Boelter Blue System Management version 1.3 Description: The issue allows a remote attacker to execute arbitrary code and obtain sensitive information. This is achieved via the id parameter to "news details.php" and "location details.php", and...

9.1 CVSS, 7.8 AI score, 0.11554 EPSS
Exploits: 3, References: 7
RedHat Linux
added 2024/06/03 5:02 p.m., 2 views

cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegis databinding is used. Users of other data bindings including the default databinding are not impacted...

9.3 CVSS, 5.8 AI score, 0.50829 EPSS
Exploits: 0, References: 6
CNNVD
added 2024/03/21 12:00 a.m., 1 view

Campcodes Complete Online Beauty Parlor Management System SQL injection vulnerability

Campcodes Complete Online Beauty Parlor Management System is an online beauty parlor management system from Campcodes, Inc. A SQL injection vulnerability exists in Campcodes Complete Online Beauty Parlor Management System version 1.0, which originates from an SQL injection vulnerability in the...

6.5 CVSS, 7 AI score, 0.00071 EPSS
Exploits: 1, References: 4
CNNVD
added 2023/05/09 12:00 a.m., 1 view

SourceCodester Billing Management System SQL injection vulnerability

SourceCodester Electric Billing Management System is a simple web application used to manage customer billing for an electric provider company. A SQL injection vulnerability exists in SourceCodester Billing Management System version 1.0, which stems from a problem in the file ajaxservice.php,...

9.8 CVSS, 7 AI score, 0.00306 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2023/05/04 3:59 p.m., 2 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

9.8 CVSS, 6.8 AI score, 0.00103 EPSS
Exploits: 5, References: 5
Cvelist
added 2015/09/29 7:00 p.m., 15 views

CVE-2015-5076

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg,...

5.8 AI score, 0.00305 EPSS
Exploits: 2, References: 5