
223 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-9846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled uid paramet...

8.8 CVSS, 7.7 AI score, 0.02289 EPSS
Exploits: 0, References: 2
NVD
added 2025/07/23 2:15 p.m., 5 views

CVE-2018-25113

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter...

8.7 CVSS, 0.01207 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/07/23 1:50 p.m., 4 views

CVE-2018-25113 Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal

An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter...

8.7 CVSS, 6.8 AI score, 0.01207 EPSS
Exploits: 0, References: 4
CNVD
added 2025/06/11 12:0 a.m., 2 views

Complaint Management System /admin/manage-users.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the /admin/manage-users.php file. An attacker can exploit...

8.8 CVSS, 8.2 AI score, 0.00325 EPSS
Exploits: 1, References: 1
OSV
added 2025/06/05 12:15 p.m., 7 views

CVE-2025-5657

A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit ha...

8.8 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/06/05 12:0 a.m., 2 views

PHPGurukul Complaint Management System Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the /admin/manage-users.php file. An attacker can exploit...

8.8 CVSS, 8.2 AI score, 0.00325 EPSS
Exploits: 1, References: 6
OSV
added 2025/06/02 10:15 a.m., 4 views

CVE-2025-5439

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the...

8.8 CVSS, 5.6 AI score, 0.0805 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2025/05/23 4:17 a.m., 9 views

CVE-2023-41623

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php...

7.2 CVSS, 8.3 AI score, 0.0084 EPSS
Exploits: 1
RedhatCVE
added 2025/05/23 3:6 a.m., 3 views

CVE-2023-2089

A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack...

8.8 CVSS, 8 AI score, 0.00602 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 8:26 a.m., 7 views

CVE-2019-14266

OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Config/ uid parameter because of the getNeedQueryData function in Application/Common/Model/UserModel.class.php...

8.8 CVSS, 8.2 AI score, 0.01269 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 12:26 a.m., 8 views

CVE-2011-4820

IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences...

4.3 CVSS, 6.7 AI score, 0.00998 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2025/03/25 12:0 a.m., 5 views

The vulnerability of the check_dws_cooki() function in the wireless repeater software developed by D-Link DAP-1620 allows an intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the check_dws_cooki function in the wireless repeater software from D-Link DAP-1620 relates to the issue of the operation exceeding the buffer boundaries in memory when processing the uid parameter. Exploiting this vulnerability allows an attacker to compromise the...

10 CVSS, 8 AI score, 0.01912 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2025/01/17 7:15 p.m., 4 views

CVE-2025-0535

A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/editmemsubmit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

9.8 CVSS, 5.8 AI score, 0.0053 EPSS
Exploits: 1, References: 4
CNNVD
added 2025/01/17 12:0 a.m., 3 views

Codezips Gym Management System Injection Vulnerability

Codezips Gym Management System is an open source gym management system from Codezips. An injection vulnerability exists in Codezips Gym Management System version 1.0, which stems from the parameter uid in the file /dashboard/admin/editmemsubmit.php that can lead to SQL injection...

9.8 CVSS, 7.1 AI score, 0.0053 EPSS
Exploits: 1, References: 5
OSV
added 2024/11/03 12:15 p.m., 1 view

CVE-2024-10733

A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8 CVSS, 5.8 AI score, 0.0062 EPSS
Exploits: 1, References: 5
NVD
added 2024/09/02 5:15 a.m., 13 views

CVE-2024-43772

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...

9.8 CVSS, 0.00487 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/09/02 4:2 a.m., 20 views

CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...

8.7 CVSS, 0.00469 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/09/02 4:2 a.m., 11 views

CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...

8.7 CVSS, 8.5 AI score, 0.00469 EPSS
Exploits: 0, References: 1
CVE
added 2024/09/02 4:2 a.m., 47 views

CVE-2024-43774

The CVE concerns Easytest Online Test Platform (versions 24E01 and earlier). The vulnerability is a SQL injection in the download personal learning course function, exploitable via the uid parameter. A remote authenticated attacker could execute arbitrary SQL commands, with potential impact on co...

8.8 CVSS, 9 AI score, 0.00469 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2024/09/02 4:1 a.m., 13 views

CVE-2024-43772 Huachu Easytest Online Learning Test Platform - SQL Injection

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...

9.3 CVSS, 8.9 AI score, 0.00487 EPSS
Exploits: 0, References: 1