20 matches found
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext version 15.57.5, which stems from an unvalidated txt parameter that could lead to an SQL injection attack...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the get_material_requests_based_on_supplier() function in erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection via the txt parameter, enabling an attacker to extract data from the database. Root cause: unsafe SQL handling in the func...
CVE-2025-52039
In Frappe ERPNext 15.57.5, the function getmaterialrequestsbasedonsupplier at erpnext/stock/doctype/materialrequest/materialrequest.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter...
CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
Cross site scripting
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
PT-2023-27955 · Unknown · Phpkobo Ajaxnewticker
Name of the Vulnerable Software and Affected Versions: phpkobo AjaxNewTicker version 1.0.5 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the "index.php" component. This enables the attacker to inject...
phpkobo AjaxNewTicker Cross-Site Request Forgery Vulnerability
phpkobo AjaxNewTicker is an application from phpkobo Inc. A security vulnerability exists in phpkobo AjaxNewTicker version v.1.0.5, which stems from a cross-site request forgery CSRF vulnerability in the parameter txt of the file index.php...
CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26753
CVE-2021-26753 affects NeDi 1.9C. An authenticated user can inject PHP code via the txt HTTP POST parameter to /System-Files.php, enabling code execution and access to the underlying OS and all application data. Connected sources confirm the vulnerability details; no remediation steps are provide...
CVE-2020-15016
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter...
s-cms code execution vulnerability
s-cms is a content management system CMS based on PHP and MySQL. A security vulnerability exists in the file management for website security in s-cms version 3.0. The vulnerability can be exploited by remote attackers to generate robots.php files with the help of the 'txt' parameter of the...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
Code injection
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
CVE-2018-18426 affects s-cms 3.0. A remote attacker can achieve arbitrary PHP code execution by placing code in a crafted User-agent Disallow value in robots.php txt parameter. Multiple sources (NVD/NVC CNVD/CVE listings) describe the same vector: the vulnerability in the robots.php handling allo...
CVE-2014-8087
Cross-site scripting XSS vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/phsave.php...
Authentication flaw
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to 1 chatno.php and 2 chatif.php...