9 matches found

CVE
added 2026/03/17 12:3 a.m. · 3 views

CVE-2026-4289

Summary: CVE-2026-4289 affects Tiandy Easy7 Integrated Management Platform (up to v7.17.0). The vulnerability lies in the function at /rest/preSetTemplate/getRecByTemplateId where manipulating the ID parameter leads to a SQL injection. This can potentially be exploited remotely, and the exploit h...

CVSS 7.5 · AI score 6.8 · EPSS 0.00042
Exploits: 0 · References: 4

NVD
added 2025/08/27 3:15 p.m. · 2 views

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

CVSS 9.8 · EPSS 0.00396
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34876 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2 Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl id parameter in the index.php file. Exploitation techniques include error-base...

CVSS 9.8 · AI score 7.9 · EPSS 0.00396
Exploits: 1 · References: 4

CVE
added 2025/08/27 12:0 a.m. · 14 views

CVE-2025-50972

CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...

CVSS 9.8 · AI score 8.7 · EPSS 0.00396
Exploits: 1 · References: 1 · Affected Software: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-17357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id...

CVSS 6.5 · AI score 6.5 · EPSS 0.15491
Exploits: 0 · References: 2

Positive Technologies
added 2020/05/06 12:0 a.m. · 1 views

PT-2020-15400 · Jenkins · Jenkins Amazon Ec2 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A cross-site request forgery issue allows attackers to provision instances. The vulnerability is due to the plugin not requiring POST requests in several HTTP endpoints,...

CVSS 4.3 · AI score 4.6 · EPSS 0.00528
Exploits: 0 · References: 6

OSV
added 2020/01/21 7:15 p.m. · 1 views

UBUNTU-CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

CVSS 6.5 · AI score 6.7 · EPSS 0.15491
Exploits: 0 · References: 4

OSV
added 2016/05/09 10:59 a.m. · 1 views

UBUNTU-CVE-2016-2449

services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtainin...

CVSS 7.8 · AI score 7.1 · EPSS 0.00043
Exploits: 0 · References: 4

OSV
added 2015/06/17 6:59 p.m. · 0 views

DEBIAN-CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

CVSS 7.5 · AI score 8.8 · EPSS 0.00644
Exploits: 0 · References: 1