20 matches found
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query via the txt parameter...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...
ERPNext Security Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext version 15.57.5, which stems from an unvalidated txt parameter that could lead to an SQL injection attack...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the get_material_requests_based_on_supplier() function in erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection via the txt parameter, enabling an attacker to extract data from the database. Root cause: unsafe SQL handling in the func...
CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
Cross site scripting
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
phpkobo AjaxNewTicker Cross-Site Request Forgery Vulnerability
phpkobo AjaxNewTicker is an application from phpkobo Inc. A security vulnerability exists in phpkobo AjaxNewTicker version v.1.0.5, which stems from a cross-site request forgery (CSRF) vulnerability in the parameter txt of the file index.php...
PT-2023-27955 · Unknown · Phpkobo Ajaxnewticker
Name of the Vulnerable Software and Affected Versions: phpkobo AjaxNewTicker version 1.0.5 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the "index.php" component. This enables the attacker to inject...
CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26753
CVE-2021-26753 affects NeDi 1.9C. An authenticated user can inject PHP code via the txt HTTP POST parameter to /System-Files.php, enabling code execution and access to the underlying OS and all application data. Connected sources confirm the vulnerability details; no remediation steps are provide...
CVE-2020-15016
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter...
s-cms code execution vulnerability
s-cms is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in the file management for website security in s-cms version 3.0. The vulnerability can be exploited by remote attackers to generate robots.php files with the help of the 'txt' parameter of the...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
Code injection
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
CVE-2018-18426 affects s-cms 3.0. A remote attacker can achieve arbitrary PHP code execution by placing code in a crafted User-agent Disallow value in robots.php txt parameter. Multiple sources (NVD/NVC CNVD/CVE listings) describe the same vector: the vulnerability in the robots.php handling allo...
CVE-2014-8087
Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/phsave.php...
Authentication flaw
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chatno.php and (2) chatif.php...