
14 matches found

RedhatCVE
added 2026/01/09 10:6 a.m., 4 views

CVE-2019-20389

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...

CVSS 6.1, AI score 6.1, EPSS 0.00313
Exploits: 2, References: 1
Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1228

Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23. Description: A remote command injection issue exists in the formBehaviorManager function within the /goform/BehaviorManager file of the httpd component. Manipulation of the modulename/option/data/switch argument...

CVSS 6.5, AI score 7, EPSS 0.00633
Exploits: 1, References: 9
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-53486

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9.1, EPSS 0.02729
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 7:5 a.m., 4 views

CVE-2024-57013

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg...

CVSS 8.8, AI score 8, EPSS 0.02729
Exploits: 1, References: 1
OSV
added 2025/01/15 5:15 p.m., 0 views

CVE-2024-57013

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2
CVE
added 2025/01/15 12:0 a.m., 74 views

CVE-2024-57013

CVE-2024-57013 concerns TOTOLINK X5000R devices. The TOTOLINK X5000R firmware version V9.1.0cu.2350_B20230313 is reported to contain an OS command injection vulnerability in the setScheduleCfg function, caused by improper handling/filtering of the switch parameter (constructor command characters)...

CVSS 8.8, AI score 7.7, EPSS 0.02729
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/01/15 12:0 a.m., 7 views

CVE-2024-57013

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg...

EPSS 0.02729
Exploits: 1, References: 2
ATTACKERKB
added 2022/08/10 8:15 p.m., 1 views

CVE-2022-35525

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter ledswitch, which leads to command injection in page /ledonoff.shtml...

CVSS 9.8, AI score 7.3, EPSS 0.01866
Exploits: 1, References: 2
CNNVD
added 2022/08/10 12:0 a.m., 2 views

Security vulnerability in multiple WAVLINK products

WAVLINK AC1200 and so on are products of China RuiYin Technology WAVLINK company. WAVLINK AC1200 is a dual-band high-power wireless router. WAVLINK WL-WN531P3 is a wireless router. WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3,...

CVSS 9.8, AI score 8.3, EPSS 0.01866
Exploits: 1, References: 2
CNVD
added 2020/05/18 12:0 a.m., 1 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2020-32356)

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins and more. A cross-site scripting vulnerability exists in the /panel/configuration/general settings page in Subrion CMS version...

CVSS 6.1, AI score 6.4, EPSS 0.00313
Exploits: 2, References: 1
Zero Day Initiative
added 2020/01/03 12:0 a.m., 12 views

Cisco Data Center Network Manager getDiscoveredDeviceCount switchIdList SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8, AI score 4.5, EPSS 0.24346
Exploits: 10, References: 1
Prion
added 2015/12/29 10:59 p.m., 15 views

SQL injection

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) searchcolumn or (2) switch parameter...

CVSS 6.5, AI score 8.8, EPSS 0.00436
Exploits: 1, References: 5, Affected Software: 1
Japan Vulnerability Notes
added 2015/12/17 6:19 a.m., 2 views

Welcart vulnerable to SQL injection

Overview: Welcart provided by Collne Inc. is a WordPress plugin. Welcart contains an SQL injection vulnerability (CWE-89) due to a flaw in the processing of searchcolumn and switch parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 6.5, AI score 7.6, EPSS 0.00436
Exploits: 1, References: 5
CNVD
added 2015/07/29 12:0 a.m., 1 views

WordPress Welcart Plugin SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress's Welcart e-Commerce plugin version 1.3.12 in the implementation of the SQL injection vulnerability, remote attacke...

AI score 8.1
Exploits: 0, References: 1