12 matches found
CVE-2025-14246 code-projects Simple Shopping Cart settings.php sql injection
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...
CVE-2025-66261
Unauthenticated OS command injection in restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000: the URL-decoded name parameter is passed to exec, which allows remote code execution. The...
Linux Distros Unpatched Vulnerability : CVE-2017-16641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the pathrrdtool parameter in an action=save request ...
CVE-2025-5661
CVE-2025-5661 affects code-projects Traffic Offense Reporting System 1.0, specifically the Setting Handler’s save-settings.php. The vulnerability arises from improper handling of the site_name (or “site name”) parameter, leading to cross-site scripting (XSS). It can be exploited remotely, and pub...
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
CodeAstro Membership Management System Security Vulnerability
CodeAstro Membership Management System is a membership management system from CodeAstro. A security vulnerability exists in CodeAstro Membership Management System v.1.0, which stems from an unrestricted file upload vulnerability that allows remote attackers to execute arbitrary code via a special...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. The WordPress Smart Email Alerts plug-in has a cross-site...
Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE
The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE. PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is an XML-based, completely self-contained, streamlined content management system. A cross-site scripting vulnerability exists in GetSimple CMS 3.3.15 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the timezone parameter of...
DEBIAN-CVE-2017-16641
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the pathrrdtool parameter in an action=save request to settings.php...
DEBIAN-CVE-2014-5262
SQL injection vulnerability in the graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2004-2192
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the tttadmin parameter...