7 matches found
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
EUVD-2026-14891
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
PT-2026-27439
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
CVE-2026-30655 involves a SQL injection in esiclivre/esiclivre before or at version 0.2.2, specifically in Solicitante::resetaSenha() when handling the cpfcnpj parameter at POST /reset/index.php. The root cause is unsafely concatenating user input into an SQL query, permitting unauthenticated rem...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...