55 matches found
CVE-2024-38952
CVE-2024-38952: PX4-Autopilot v1.14.3 has a buffer overflow in the logger component via the topic_name parameter in /logger/logged_topics.cpp. The CVSS 3.1 vector indicates that the attack vector is NETWORK, with no privileges or user interaction required, and an impact on availability only (I:N; A:H). ...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
PT-2024-25124 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: The issue is related to a SQL injection vulnerability. This vulnerability occurs via the topic parameter in the list function. Recommendations: For Roothub version 2.6, consider restricting the use of the list...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the topic parameter in the list function...
CVE-2024-33122
CVE-2024-33122 affects Roothub v2.6. A SQL injection vulnerability exists in the list() function via the topic parameter, caused by unsafe SQL construction. CVSS 3.1 base score 6.3 (Medium) with Low impact across confidentiality, integrity, and availability. No exploit details are provided in th...
Dolibarr Cross-Site Scripting Vulnerability (CNVD-2020-10498)
Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. A...
UBUNTU-CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...
PT-2020-20431 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0 Description: The issue allows for XSS attacks through the joinfiles, topic, or code parameter, or the HTTP Referer header. Recommendations: For Dolibarr version 11.0, consider restricting access to the vulnerable...
CVE-2018-19349
In SeaCMS v6.64, there is SQL injection via the adminmakehtml.php topic parameter because of mishandling in include/mkhtml.func.php...
SQL Injection Vulnerability in Topic Parameter of Zaoyang City Shanshui Digital Studio's Website Building System
Zaoyang Shanshui Digital Studio website building system is a website building system. A SQL injection vulnerability exists in the topic parameter of the Zaoyang City Landscape Digital Studio website builder system. Attackers can exploit the vulnerability to obtain sensitive information from...
SQL injection vulnerability in the topic and tid parameters of the Duomi (DuomiCms) movie and TV management system
Duomi DuomiCms film and television management system is a specialized video-on-demand system. A SQL injection vulnerability exists in DuomiCms. The lack of filtering of the 'topic' and 'tid' parameters allows an attacker to exploit the vulnerability to obtain sensitive information from the...
CVE-2015-1058
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
SQL injection
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) searchmax parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id paramete...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146...
CVE-2009-4348
Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146...
CVE-2009-4348
The CVE-2009-4348 entry concerns Harold Bakker’s NewsScript (HB-NS) 1.3, where a Cross‑Site Scripting (XSS) flaw exists in index.php. The bug is triggered via the topic parameter in a topic action, enabling remote attackers to inject arbitrary script/HTML. This vulnerability is documented as a se...
SQL injection
SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter...