5 matches found
EUVD-2025-209736
An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...
CVE-2021-43729
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting XSS vulnerability due to an unsanitized Security Key parameter...
CVE-2021-24938
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...
phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities
Binary data 5985.prm...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...