Lucene search
K

12 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:4 p.m.29 views

CVE-2026-34098 Guardian Language-System XSS via id Parameter in media.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS0.00147EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 5:10 p.m.11 views

EUVD-2026-31307

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/16 5:12 a.m.10 views

Command Injection

mcp-server-semgrep is vulnerable to Command Injection. The vulnerability is due to improper sanitization of the ID argument in multiple MCP interface functions, which allows an attacker to inject and execute arbitrary OS commands remotely...

7.5CVSS7.3AI score0.01394EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/03/27 10:10 p.m.17 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS0.00392EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.4 views

code-projects Hostel Management System SQL注入漏洞

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modroomtype/index.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00387EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.6 views

CVE-2012-10046

The E-Mail Security Virtual Appliance ESVA tested on version ESVA2057 contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands...

9.3CVSS7.9AI score0.03005EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

Campcodes Online Traffic Offense Management System 跨站脚本漏洞

Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A cross-site scripting vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied...

6.1CVSS6.3AI score0.00644EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

Rescue Dispatch Management System SQL注入漏洞

Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system v1.0 is vulnerable to SQL injection, which originates from /rdms/admin/teams/ manageteam.php?id=The page lacks validation for external input SQL...

9.8CVSS5.9AI score0.01081EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.2 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Responsive 3D Slider WordPress plugin 1.2 and prior...

7.2CVSS7.3AI score0.01467EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2019/10/21 12:0 a.m.4 views

PT-2019-14898 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized id variable in the file appdevicesdevice settings.php, which is reflected in HTML and leads to a cross-site scripting XSS issue. Recommendations: For...

6.1CVSS5.9AI score0.00857EPSS
Exploits0References4
OSV
OSV
added 2018/04/07 9:29 p.m.6 views

UBUNTU-CVE-2018-9846

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...

8.8CVSS7.2AI score0.02289EPSS
Exploits0References7
Rows per page
Query Builder