EUVD-2026-27480

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

EUVD-2019-20121

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

CVE-2019-25700 Kados R10 GreenBee SQL Injection via sort_direction Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

CVE-2017-18290

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sortdirection parameter...

PT-2022-26538 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the...