Lucene search
K

5 matches found

EUVD
EUVD
added 2026/05/08 9:31 a.m.15 views

EUVD-2025-209736

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

7.3CVSS6.1AI score0.01186EPSS
Exploits3References4
OSV
OSV
added 2022/05/20 3:15 p.m.3 views

CVE-2021-43729

Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting XSS vulnerability due to an unsanitized Security Key parameter...

5.4CVSS6AI score0.00564EPSS
Exploits1References2
OSV
OSV
added 2021/12/06 4:15 p.m.11 views

CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...

6.1CVSS5.8AI score0.00795EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2011/07/14 12:0 a.m.17 views

phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities

Binary data 5985.prm...

7.5CVSS7.3AI score0.12879EPSS
Exploits18References10
FreeBSD
FreeBSD
added 2011/07/02 12:0 a.m.52 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

7.5CVSS6.7AI score0.12879EPSS
Exploits18References4
Rows per page
Query Builder