26 matches found
CVE-2026-31939
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. This vulnerabilit...
EUVD-2026-18408
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...
EUVD-2002-1620
Malware in sbrugna...
CVE-2022-29728
Survey Sparrow Enterprise Survey Software 2022 has a reflected cross-site scripting (XSS) vulnerability in the test parameter...
CVE-2018-10128
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...
PT-2024-26872 · Engenius · Engenius Enstation5-Ac
Name of the Vulnerable Software and Affected Versions: EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0 Description: The issue allows blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. This can potentially be exploited to execute unauthorized commands on t...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the page parameter of...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-javalite (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3509 Source advisory: OSV:GHSA-G5WW-5JH7-63CX...
CVE-2022-43051
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=deletetest...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-javalite (>=3.20.0-rc-1 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0-rc-1, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
Cross site scripting
Survey Sparrow Enterprise Survey Software 2022 has a reflected cross-site scripting (XSS) vulnerability in the test parameter...
WordPress Load More SQL Injection Vulnerability
WordPress Load More is an open source plugin for WordPress that provides a load-more-items function. A SQL injection vulnerability exists in the WordPress Load More plugin before 5.3.2; the vulnerability stems from the /wp-admin/admin-ajax.php repeater parameter or type=test parameter...
paypal-ipn spoofing vulnerability
paypal-ipn is a Node.js package for validating PayPal IPN messages. A security vulnerability exists in paypal-ipn versions prior to 3.0.0. An attacker can exploit this vulnerability by using an emulator build request to spoof arbitrary applications that do not detect the 'test_ipn' parameter...
XYHCMS Cross-Site Scripting Vulnerability
XYHCMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending the 'test' parameter to the index.php file to execute JavaScript code...
Design/Logic Flaw
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php...
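espcms Command Execution Vulnerability Allowing getshell (of limited use)
Brief description: see title. Detailed description: getshell from the admin backend, of rather limited use. In the file /datacache/command.php: $CONFIG=Array //ICP filing 'icpbeian'='', //site status 'isclose'=0, //administrator email 'adminemail'='[email protected]', //site URL 'domain'='http://localhost/espcms/', //logging 'islog'=1, ………… After the website system settings are modified in the admin backend, code can be written into command.php. Access command.php and pass parameters...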
CVE-2009-3501
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action...