17 matches found

Cvelist
added 2026/05/23 6:32 p.m. · 12 views

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then...

CVSS 9.8 · EPSS 0.0061
Exploits: 1 · References: 4
ATTACKERKB
added 2026/05/23 6:32 p.m. · 6 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then...

CVSS 9.8 · AI score 6.7 · EPSS 0.0061
Exploits: 1 · References: 4
CVE
added 2026/05/23 6:32 p.m. · 17 views

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability. An unauthenticated attacker can inject PHP into the db_name parameter via a POST to install/step1.php, then trigger code execution through the check.php endpoint using the cmd parameter. The CVE documents indicate a critical ...

CVSS 9.8 · AI score 6.7 · EPSS 0.0061
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2026/05/23 6:32 p.m. · 5 views

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then...

CVSS 9.8 · AI score 6.7 · EPSS 0.0061
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/23 12:24 a.m. · 3 views

CVE-2022-46966

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.00324
Exploits: 1 · References: 1
SUSE CVE
added 2023/02/15 5:4 a.m. · 1 views

SUSE CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 5.3 · AI score 6.6 · EPSS 0.01068
Exploits: 0 · References: 4
NVD
added 2023/01/26 11:15 p.m. · 6 views

CVE-2022-46966

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php...

CVSS 9.8 · AI score 9.8 · EPSS 0.00324
Exploits: 1 · References: 2
Prion
added 2023/01/26 11:15 p.m. · 8 views

Sql injection

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php...

CVSS 7.5 · AI score 9.7 · EPSS 0.00324
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/01/26 12:0 a.m. · 1 views

PT-2023-15121 · Unknown · Revenue Collection System

Name of the Vulnerable Software and Affected Versions: Revenue Collection System version 1.0 Description: The issue is related to a SQL injection vulnerability. It affects the step1.php endpoint. Recommendations: For Revenue Collection System version 1.0, consider disabling access to the step1.ph...

CVSS 9.8 · AI score 7.9 · EPSS 0.00324
Exploits: 1 · References: 6
CNNVD
added 2022/09/20 12:0 a.m. · 1 views

YetiForceCrm cross-site scripting vulnerability

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from the undefined and unvalidated workflowModel-summary parameter on the Workflow module in Settings and is used direct...

CVSS 6.3 · AI score 6.2 · EPSS 0.00323
Exploits: 1 · References: 3
Openbugbounty
added 2017/06/28 4:28 p.m. · 13 views

sweets-jar.com XSS vulnerability

Vulnerable URL: http://www.sweets-jar.com/mishelach/step1.asp?lead=1"...

AI score 6.9
Exploits: 0
Openbugbounty
added 2015/11/30 1:21 p.m. · 6 views

bedrijvenweb.nl XSS vulnerability

Vulnerable URL: http://www.bedrijvenweb.nl/fileadmin/aanmelden/stap1.php?domein="';-- Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1673248; Google Pagerank: 6; VIP website status: ...

AI score 6.3
Exploits: 0
Packet Storm
added 2015/09/04 12:0 a.m. · 15 views

Milw0rm Clone Script 1.0 Cross Site Scripting

Exploit Title: Milw0rm Clone Script 1.0 - XSS Vulnerability Date: 03.09.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage: http://milw0rm.sourceforge.net/ Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download Version: v1.0 Tested on: MSWin64 Vulnerable File :...

AI score 7.4
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 29 views

campus virtual-lms (xss/SQL Injection) Multiple Vulnerabilities

No description provided by source. LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Author: Yasión Date: 12 Jun 2009...

AI score 7.1
Exploits: 0
Prion
added 2009/06/22 2:30 p.m. · 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/sharedlist.php...

CVSS 4.3 · AI score 6.1 · EPSS 0.00513
Exploits: 0 · References: 2
ATTACKERKB
added 2009/06/22 2:30 p.m. · 0 views

CVE-2009-2149

Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (2) search or (3) siteid parameter to files/sharedlist.php...

CVSS 4.3 · AI score 5.4 · EPSS 0.00513
Exploits: 0 · References: 3
exploitpack
added 2009/06/12 12:0 a.m. · 16 views

campus virtual-lms - Cross-Site Scripting SQL Injection

campus virtual-lms - Cross-Site Scripting SQL Injection LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Author: Yasión Date: 12 Jun 2009...

AI score 0.8
Exploits: 0