11 matches found
CVE-2026-28562 wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::gettopics where the ORDER BY clause relies on ineffective esc_sql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...
CVE-2025-60782
PHP Education Manager v1.0 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Title field during topic creation or updates...
SQL injection
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676...
PT-2007-5158 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MDPro (MD-Pro) versions 1.0.8x and earlier. Description: The issue allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module. Recommendations: For MAXdev MDPro (MD-Pro) version...
Md-Pro 1.0.8x - Topics topicid SQL Injection
Md-Pro 1.0.8x - Topics topicid SQL Injection. Site: http://www.maxdev.com Download: http://www.maxdev.com/mod-Areafiles-display-lid-510-cid-1.phtml Dork: "Powered by Md-Pro"...
CVE-2006-1676
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in...
SQL injection
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in...
CVE-2006-1676
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in...
MAXDEV CMS Multiple vulnerabilities
Full Path disclosure: This hole is caused by direct access to file includes/legacy.php not protected. PoC: http://site.co.id/maxdev/includes/legacy.php Fix: Turn off display error in php.ini can fix this security issue. Blind sql inject: This hole is caused b...
CVE-2006-1033
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...
CVE-2006-1033
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...