CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

SUSE CVE•added 2023/02/15 3:21 a.m.•3 views

SUSE CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4CVSS5AI score0.09658EPSS

Exploits0References6

NVD•added 2023/02/13 6:15 a.m.•27 views

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4CVSS5.5AI score0.09658EPSS

Exploits0References2

OSV•added 2023/02/13 6:15 a.m.•17 views

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4CVSS5.1AI score

Exploits0References2

OSV•added 2023/02/13 6:15 a.m.•2 views

DEBIAN-CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4CVSS5.4AI score0.09658EPSS

Exploits0References1

Prion•added 2023/02/13 6:15 a.m.•16 views

Information disclosure

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

4.9CVSS5AI score0.09658EPSS

Exploits0References1Affected Software1

OSV•added 2023/02/13 6:15 a.m.•1 views

UBUNTU-CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

5.4CVSS7.1AI score0.09658EPSS

Exploits0References3

NCSC•added 2023/02/09 12:0 a.m.•2 views

Vulnerability fixed in phpMyAdmin

A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...

6.3AI score

Exploits0

Tenable Nessus•added 2022/04/21 12:0 a.m.•8 views

SQL File Detected

SQL files have been detected on the target web application. These files may contain sensitive information which could assist an attack to conduct further attacks. No source data...

7.5AI score

Exploits0References3

Packet Storm•added 2022/01/25 12:0 a.m.•314 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1AI score0.26568EPSS

Exploits4

Prion•added 2020/05/05 3:15 p.m.•12 views

Sql injection

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation...

6.5CVSS9AI score0.00779EPSS

Exploits0References2Affected Software1

OSV•added 2019/01/08 11:29 p.m.•1 views

CVE-2019-5725

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...

7.5CVSS7.1AI score

Exploits0References1

NVD•added 2019/01/08 11:29 p.m.•10 views

CVE-2019-5725

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...

7.5CVSS7.5AI score0.00327EPSS

Exploits1References1

Prion•added 2019/01/08 11:29 p.m.•12 views

Design/Logic Flaw

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...

5CVSS7.5AI score0.00327EPSS

Exploits1References1Affected Software1

NVD•added 2018/12/24 3:29 a.m.•10 views

CVE-2018-20420

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

5.5CVSS5.2AI score0.00256EPSS

Exploits1References1

Prion•added 2018/12/24 3:29 a.m.•14 views

Directory traversal

5.5CVSS5.2AI score0.00256EPSS

Exploits1References1Affected Software1

OSV•added 2018/12/24 3:29 a.m.•12 views

CVE-2018-20420

4.9CVSS6.8AI score0.00256EPSS

Exploits1References1

Openbugbounty•added 2018/03/30 1:10 a.m.•17 views

softvet.com.br Improper Access Control vulnerability

Open Bug Bounty ID: OBB-593770 Description| Value ---|--- Affected Website:| softvet.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

Exploits0

Openbugbounty•added 2018/03/28 8:34 p.m.•10 views

uvesco.altervista.org Improper Access Control vulnerability

Open Bug Bounty ID: OBB-593084 Description| Value ---|--- Affected Website:| uvesco.altervista.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

6.7AI score

Exploits0

OSV•added 2018/02/22 7:29 p.m.•2 views

CVE-2018-7317

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...

7.5CVSS5.8AI score

Exploits0References1

Prion•added 2018/02/22 7:29 p.m.•16 views

Design/Logic Flaw

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...

5CVSS7.5AI score0.23058EPSS

Exploits5References1Affected Software1