Lucene search
K

6 matches found

CVE
CVE
added 2026/06/11 12:0 a.m.22 views

CVE-2026-38581

CVE-2026-38581 affects damasac thaipalliative_lte up to version 3.0. The flaw is an SQL Injection in /substudy/ezform.php (idFormMain, id parameters) where user input is concatenated into SQL without sanitization or parameterization. This enables remote attackers to execute arbitrary SQL commands...

9.8CVSS6.3AI score0.00329EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/11 12:0 a.m.11 views

EUVD-2026-36241

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS6.3AI score0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/11 12:0 a.m.27 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

0.00329EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/05 12:0 a.m.8 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

5.6AI score0.00199EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/05 12:0 a.m.36 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

0.00199EPSS
Exploits1References2
CVE
CVE
added 2026/06/05 12:0 a.m.19 views

CVE-2026-38579

CVE-2026-38579 affects damasac/thaipalliative_lte (up to version 3.0). The issue is multiple reflected XSS vulnerabilities in /substudy/ezform.php, where user input parameters idFormMain, id, and ptid_key are echoed into HTML attributes and JavaScript contexts without encoding. Public records sum...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References2
Rows per page
Query Builder