17 matches found
CVE-2026-22582
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
CVE-2010-1359
SQL injection vulnerability in bluegateseo.inc.php in the Direct URL module for xt:Commerce, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
PT-2024-38610 · Webroot · Webroot Secureanywhere - Web Shield
Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3 Description: The issue is related to a 'Type Confusion' vulnerability in the wrUrl.Dll modules of Webroot SecureAnywhere - Web Shield, allowing functionality misuse. This...
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
GHSA-HW56-7XJ4-7GX6 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
Sql injection
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...
PT-2022-26268 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.7 Liferay DXP versions 7.3 fix pack 2 through update 4 Description: A SQL injection issue in the Friendly Url module allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title...
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page...
PT-2022-26273 · Liferay · Friendly Url Module +2
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.5 through 7.4.3.36 Liferay DXP 7.4 update 1 through 36 Description: The issue concerns the Friendly Url module, which does not properly check user permissions. This allows remote attackers to obtain the history o...
Liferay Portal和Liferay DXP SQL注入漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Sql injection
SQL injection vulnerability in bluegateseo.inc.php in the Direct URL module for xt:Commerce, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2010-1359
The CVE-2010-1359 issue affects xt:Commerce, specifically the Direct URL module’s bluegate_seo.inc.php. When magic_quotes_gpc is disabled, an input vector via the coID parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is described cons...
PT-2010-3056 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the coID parameter in the Direct URL module, specifically in the bluegate seo.inc.php file, when magic quotes gpc...