134 matches found
CVE-2015-10031 purpleparrots 491-Project Highscore update.php sql injection
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is...
CVE-2015-10031
CVE-2015-10031 affects purpleparrots 491-Project, specifically unknown code in update.php of the Highscore Handler component, where manipulation leads to SQL injection. It is documented as a critical vulnerability, and the patch is named a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. According to the connected s...
CVE-2022-43279
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php...
SQL injection
LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php...
SQL injection
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...
CVE-2022-35422
CVE-2022-35422 affects Web Based Quiz System v1.0, with a SQL injection via the qid parameter in update.php. The Red/European and vendor-related entries confirm the vulnerability is in the web app and involves the qid input being used in a SQL query, leading to potential data exposure or modifica...
Code injection
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources...
CVE-2014-8937
The CVE-2014-8937 entry concerns Lexiglot (a PHP-based translation platform) through 2014-11-20. The vulnerability stems from api/update.php performing svn update operations that consume substantial server resources, leading to denial of service. The connected documents confirm the c...
CVE-2018-12622
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the fieldname parameter...
QYKCMS update.php page has an arbitrary file deletion vulnerability
QYKCMS is a lightweight intelligent website building system based on PHP+MySQL, developed by QYK. An arbitrary file deletion vulnerability exists in the QYKCMS update.php page. It allows attackers to delete arbitrary files, such as deleting install.lck for CMS reloading, hijacking t...
Steam Profile Integration 2.0.11 - SQL injection
Steam Profile Integration 2.0.11 - SQL injection
Exploit Title: IPS Community Suite - Steam Profile Integration 2.0.11 and below SQL injection
Google Dork: inurl:tab=nodesteamsteamprofile
Date: 13/03/2017
Exploit Author: DrWhat
Vendor Homepage:...
akasa.cn XSS vulnerability
Vulnerable URL: http://akasa.cn/update.php?no=181=AK-HPC01-BK="=product/product.detail.tplsub=2.5 Enclosure
Details:

Description| Value
---|---
Patched:| Yes, at 28.07.2017
Latest check for patch:| 28.07.2017 14:48 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...
akasa.biz XSS vulnerability
Vulnerable URL: http://www.akasa.biz/update.php?no=181="=Notebook coolers=product/product.detail.tplsub=NB Coolers
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability
No description provided by source.
---- osCommerce <= 2.2 extras/ information/source code disclosure ------------
software site: http://www.oscommerce.com/
if extras/ folder is placed inside the www path, you can see all files on target system, including php source code with database details, poc:...
Logaholic update.php page Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue. The issues occur because the application fail...
Secworld waf /admin/ids/waf_update.php command execution vulnerability
No description provided by source...
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...