CVE-2018-14967

An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter...

CVE-2017-17103

Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...

Stored Cross-Site Scripting Vulnerability in ASK2 user.php

ASK2 Q&A system belongs to the Beijing Zhengying Network Technology Company's products , is a set of open source php Q&A system , integration of paid Q&A system , paid voice Q&A system . ASK2 user.php has a stored cross-site scripting vulnerability , because the system fails to strictly filter th...

PT-2012-2145 · Unknown · Banana Dance

Name of the Vulnerable Software and Affected Versions: Banana Dance versions prior to B.1.5 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in the user.php file. Recommendations: For versions prior to B.1.5, update to version...

iGeneric iG Calendar USER.PHP SQL注入漏洞

iGeneric iG Calendar是一款基于PHP的WEB应用程序。 iGeneric iG Calendar不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'USER.PHP'脚本对用户提交的'id'参数缺少过滤，提交恶意脚本代码作为参数数据，可导致获得敏感信息。 iGeneric iG Calendar 1.0 目前没有解决方案提供： http://www.igeneric.co.uk/displayresources/resource3.html...