PT-2026-21370

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

PT-2026-2946

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

PT-2025-48114

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 Description The software is susceptible to a SQL injection issue through the status sql.php endpoint. The endpoint...

Linux Distros Unpatched Vulnerability : CVE-2025-21626

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive informatio...

Linux Distros Unpatched Vulnerability : CVE-2019-8424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. CVE-2019-8424 Note that Nessus relies on the presence of the package as...

Information Exposure

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Information Exposure via the status.php endpoint. Workaround This vulnerability can be mitigated by: 1 deletin...

UBUNTU-CVE-2025-21626

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...

CVE-2024-8416

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack remotel...

ZoneMinder SQL Injection Vulnerability (CNVD-2019-04687)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras and more. SQL injection vulnerability exists in the ajax/status.php file in versions prior to ZoneMinder 1.32.3, which can be exploited by remote attackers to execute SQL commands with...

DEBIAN-CVE-2019-8429

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filterQueryterms0cnj parameter...

CVE-2017-11412

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/appcomment/controller/commentstatus.php via $GET'id'...

Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23897)

Fiyo CMS is a content management system CMS for creating CMS templates. A SQL injection vulnerability exists in the dapur/apps/appcomment/controller/commentstatus.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands with the help of...