232997 matches found
CVE-2018-25420
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25418 AiOPMSD Final 1.0.0 SQL Injection via year.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...
CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...
CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...
CVE-2018-25418
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...
CVE-2018-25419
AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....
CVE-2018-25417
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...
CVE-2018-25417 AiOPMSD Final 1.0.0 SQL Injection via quality.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...
CVE-2018-25417
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability via the quality parameter in quality.php. Unauthenticated attackers can send crafted SQL payloads to extract sensitive data (usernames, database names, version details). CVSS metrics indicate high severity (CVSS 3.1: 8.2; CVSS 4.0: 8.8)....
CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...
CVE-2018-25414 AiOPMSD Final 1.0.0 SQL Injection via actor.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...
EUVD-2018-21936
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...
CVE-2018-25414
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...
CVE-2018-25414
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in actor.php that can be exploited by unauthenticated attackers via the actor parameter. The vulnerability is triggered by crafted SQL payloads in GET requests to actor.php, allowing extraction of sensitive database information such as u...
CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25412
DeltaSql 1.8.2 is affected by an arbitrary file upload vulnerability reachable via docs_upload.php. The issue allows unauthenticated attackers to upload PHP files through crafted multipart form data and place them in the upload directory, enabling remote code execution on the server. The connecte...
CVE-2018-25412 Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...
CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...