222 matches found
myfactory FMS - Cross-Site Scripting
myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. id: CVE-2021-42565 info: name: myfactory FMS - Cross-Site Scripting author: madrobot,daffainfo severity: medium description: | myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. impact: |...
CVE-2016-20072
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2026-8851
SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...
EUVD-2026-30804
SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...
SOGo SQL注入漏洞
SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Version 5.12.7 of SOGo contains a SQL injection...
EUVD-2026-21541
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...
CVE-2026-33702
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...
CVE-2020-37081
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
MedDream PACS Premium sendOruReport reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2270 MedDream PACS Premium sendOruReport reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-44000 SUMMARY A reflected cross-site scripting xss vulnerability exists in the sendOruReport functionality of MedDream PACS Premium...
CVE-2003-1258
activate.php in versatileBulletinBoard vBB 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid...
EUVD-2025-197728
A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13247
CVE-2025-13247 affects PHPGurukul Tourism Management System 1.0. The vulnerability is an SQL injection in an unknown function of the file /admin/user-bookings.php, caused by manipulation of the uid argument. It can be exploited remotely, and an exploit has been publicly released. Remediation guid...
CVE-2025-13247 PHPGurukul Tourism Management System user-bookings.php sql injection
A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13123
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/getfirstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13123
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/getfirstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13123 AMTT Hotel Broadband Operation System get_firstdate.php sql injection
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/getfirstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2025-46890
Name of the Vulnerable Software and Affected Versions AMTT Hotel Broadband Operation System version 1.0 Description A flaw exists in AMTT Hotel Broadband Operation System version 1.0 that allows for SQL injection. Manipulation of the uid argument in the file '/user/portal/get firstdate.php' throu...
AMTT Hotel Broadband Operation System SQL注入漏洞
AMTT Hotel Broadband Operation System is a hotel broadband operation system from China's AMTT company. A SQL injection vulnerability exists in AMTT Hotel Broadband Operation System version 1.0, which originates from improper handling of the uid parameter in the file /user/portal/getfirstdate.php,...