Sql injection

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...

CVE-2019-14266

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...

CVE-2019-14266

OpenSNS v6.1.0 is affected by an SQL injection in the index.php?s=/ucenter/Config/ uid parameter caused by the getNeedQueryData function in Application/Common/Model/UserModel.class.php. The issue enables manipulation of SQL queries via the uid parameter, as documented by multiple sources (e.g., C...

CVE-2018-13294

Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...

CVE-2018-13294

Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter...

CVE-2018-18084

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

CVE-2018-18084

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

Sql injection

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

CVE-2018-18084

An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter...

CVE-2018-18084

CVE-2018-18084 affects DuomiCMS 3.0. A SQL injection exists in the ajax.php file, demonstrated by the uid parameter. The issue is rated with CVSS v3.1: base score 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network attack needs no authentication or user interac...

Dicoogle PACS 2.5.0 - Directory Traversal

Dicoogle PACS 2.5.0 - Directory Traversal Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal Date: 2018-05-25 Software Link: http://www.dicoogle.com/home Version: Dicoogle PACS 2.5.0-201712291522 Category: webapps Tested on: Windows 2012 R2 Exploit Author: Carlos Avila Contact:...

CVE-2017-17776

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter...

Path traversal

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter...

CVE-2017-17778

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter...

CVE-2017-17776

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter...

PHP Scripts Mall Paid To Read Script SQL Injection Vulnerability

PHP Scripts Mall Paid To Read Script is a set of paid to read website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Paid To Read Script version 2.0.5. A remote attacker can inject SQL into the Paid To Read Script 2.0.5 by sending the 'uid' parameter t...

Paid To Read Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Paid To Read Script is a set of paid to read website scripts by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Paid To Read Script version 2.0.5. A remote attacker can exploit this vulnerability by sending the 'tier' parameter to the...

CVE-2017-17651

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter...

CVE-2017-17651

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter...

SQL injection vulnerability in the uid parameter in the admin_members.php page of the Ocean CMS website builder system

Ocean CMS is an open source website builder. A SQL injection vulnerability exists in the /admin/adminmembers.php page of the Ocean CMS system. The lack of filtering of the "uid" parameter allows attackers to exploit the vulnerability to obtain sensitive database information...