8 matches found
EUVD-2021-11308
Malware in sbrugna...
CVE-2021-24394
An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24772
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...
CVE-2020-15500
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
CVE-2024-45059
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...
Local File Inclusion
Overview All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows...
CVE-2018-12090
There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...
CVE-2018-12090
LAMS prior to 3.1 is affected by an unauthenticated reflected XSS that allows injection of arbitrary JavaScript via an unsanitized GET parameter in forgotPasswordChange.jsp?key=. This is triggered through remote access without authentication; impact is confined to script execution in the victim’s...