35 matches found
D-Link DAR-8000 Code Issue Vulnerability
DAR-8000-10 is the Internet Behavior Audit Gateway from China AUO D-Link. AUO DAR-8000-10 20230922 and earlier versions have a deserialization vulnerability that originates from the unsafe deserialization of the parameter sql of the file /importhtml.php when receiving serialized data submitted by...
PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...
Beijing Baichuo Smart S85F Management Platform Command Injection Vulnerability
Beijing Baichuo Smart S85F Management Platform is a management platform of Beijing Baichuo Company. A command injection vulnerability exists in Beijing Baichuo Smart S85F Management Platform 20230722 and earlier versions, which stems from a SQL injection vulnerability in the parameter sql of the...
CVE-2020-20914
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter...
PT-2022-21932 · Unknown · Wp All Export Pro
Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows users with permission to run exports to execute arbitrary SQL statements due to the direct use of the cc sql POST parameter as a database query. This affects users who ha...
CVE-2022-25225
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...
Cross site scripting
Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...
CVE-2018-18626
An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because delaction in admin/model/database.class.php mishandles this parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5)...
CVE-2008-2646
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to addjournalmask.inc.php, (3) InsertBibliography parameter to insertmask.inc.php, and (4) LabelYear...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to addjournalmask.inc.php, (3) InsertBibliography parameter to insertmask.inc.php, and (4) LabelYear...
CVE-2006-0146
CVE-2006-0146 affects ADOdb for PHP (before 4.70) used by Moodle, Cacti, Mantis, PostNuke, Xaraya, PHPOpenChat, MAXdev MD-Pro, MediaBeez, etc. The vulnerability arises from the MySQL root password being empty, enabling remote SQL execution via the sql parameter. Connected OpenVAS advisories corro...
CVE-2004-2059
CVE-2004-2059: The provided documents describe multiple cross-site scripting vulnerabilities in ASPrunner 2.4. The flaws allow remote attackers to inject arbitrary web script or HTML via four input vectors: (1) the SearchFor parameter in [TABLE-NAME]_search.asp, (2) the SQL parameter in [TABLE-...