376 matches found
CVE-2017-18364
CVE-2017-18364 concerns phpFK lite and is a reflected cross-site scripting (XSS) vulnerability. The affected components are the web interface files faq.php, members.php, search.php (via query strings) and user.php (via the user parameter). The underlying issue is that user-supplied input in these...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
CVE-2019-9594
CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...
CVE-2019-7348
Self-stored cross-site scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted...
PT-2019-18553 · Zoneminder +1
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.32.3
Description: The issue allows an attacker to execute HTML or JavaScript code via a vulnerable username parameter value in the user view user.php due to omitted proper filtration, leading to a persistent...
SQL injection
CrashFix 1.0.4 has SQL Injection via the Userstatus parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search function...
CVE-2018-20508
CrashFix 1.0.4 has SQL Injection via the Userstatus parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search function...
CVE-2018-20508
CVE-2018-20508 affects CrashFix 1.0.4 with a SQL Injection vulnerability exploitable via the User[status] parameter. The issue is tied to actionIndex in UserController.php and the protected\models\User.php search() function. The connected documents confirm the vulnerability detail but do not prov...
CVE-2018-18316
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
Cross-site request forgery (CSRF)
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI...
CVE-2018-18316
Affected software: emlog. Vulnerability: CSRF via the admin/user.php?action=new URI in emlog v6.0.0. Root cause/impact: CSRF could allow unauthorized actions; the connected documents only state the CSRF issue with that URI and do not provide deeper technical specifics, affected modules beyond adm...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
Dork: N/A
Date: 2018-10-15
Exploit Author: Ihsan Sencan
Vendor Homepage: http://www.talagasoft.com
Software Link: http://demo.maxonerp.com/
Software Download:...