62 matches found
CVE-2026-46493
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-46493
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-46493
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
CVE-2026-46493 haxtheweb/haxcms-php uses insecure method for generating salt
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...
PT-2026-47042
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.1 Description The software uses the uniqid function for generating salts, which is unsuitable for security purposes as it does not provide sufficient randomness. Recommendations Update to version 26.0.1...
HAXCMS 安全特征问题漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.1 had security-related vulnerabilities, which stemmed from the use of uniqid to generate salt values, making them unsuitable for secure purposes...
CVE-2026-6287
The CVE-2026-6287 entry concerns the ShopLentor — WooCommerce Builder for Elementor & Gutenberg WordPress plugin. Vulnerability: Stored Cross‑Site Scripting via the blockUniqId attribute in multiple Product Grid blocks (versions up to and including 3.3.8) caused by insufficient input sanitization...
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2026-9421
CVE-2026-9421 affects KLiK SocialMediaWebsite 1.0. The vulnerability lies in the uniqid function within the file upload.inc.php of the File Handler component, enabling unrestricted file upload. It can be exploited remotely, and public disclosure of the exploit is noted in the entry. No remediatio...
PT-2026-42999
A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...
KLiK SocialMediaWebsite 代码问题漏洞
KLiK SocialMediaWebsite is a simple PHP-based social media website by the individual developer Muhammad Saad. A code issue vulnerability exists in version 1.0 of KLiK SocialMediaWebsite, which stems from the File Handler component's manipulation of the function uniqid in the file upload.inc.php,...
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
This module exploits an unauthenticated remote code execution RCE vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an attacker ...
CVE-2021-22948
Vulnerability in the generation of session IDs in revive-adserver 5.3.0, based on the cryptographically insecure uniqid PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account...
CVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...
CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...