Lucene search
+L

63 matches found

nvd
nvd
added 2022/01/31 7:15 p.m.22 views

CVE-2021-46459

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...

7.5CVSS0.0137EPSS
Exploits1References2
prion
prion
added 2022/01/31 7:15 p.m.14 views

Sql injection

Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...

5CVSS7.9AI score0.0137EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2021/10/29 4:15 p.m.25 views

CVE-2021-41674

An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...

9.8CVSS0.01684EPSS
Exploits1References3
osv
osv
added 2021/10/29 4:15 p.m.4 views

CVE-2021-41674

An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...

9.8CVSS5.8AI score0.01684EPSS
Exploits1References3
cvelist
cvelist
added 2021/10/29 3:30 p.m.28 views

CVE-2021-41674

An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...

10AI score0.01684EPSS
Exploits1References3
zdt
zdt
added 2020/02/06 12:0 a.m.135 views

Online Job Portal 1.0 - (user_email) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Job Portal 1.0 - 'useremail' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

7.1AI score
Exploits0
nvd
nvd
added 2019/10/11 6:15 p.m.16 views

CVE-2015-9482

The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...

7.5CVSS7.4AI score0.03065EPSS
Exploits1References1
packetstorm
packetstorm
added 2019/03/19 12:0 a.m.47 views

Netartmedia Real Estate Portal 5.0 SQL Injection

Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Amit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Version: 5.0 Tested on: Kali Linux CVE: N/A Description: The...

0.8AI score
Exploits0
nvd
nvd
added 2014/04/01 3:25 a.m.24 views

CVE-2013-7349

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter to news/send.php, 2 threadid parameter to posts/edit.php, or 3 useremail parameter to users/password.php or 4 users/register.php. NOTE: these issues were SPLIT...

7.5CVSS8.4AI score0.02683EPSS
Exploits1References7
cvelist
cvelist
added 2012/07/12 7:0 p.m.40 views

CVE-2012-3805

Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...

5.7AI score0.01646EPSS
Exploits3References5
exploitdb
exploitdb
added 2008/07/28 12:0 a.m.13440 views

Pligg CMS 9.9.0 - 'story.php' SQL Injection

|| | | Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script : http://www.pligg.com/ | | DorK : Powered By Pligg | Legal: License...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/07/01 12:0 a.m.40 views

PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution

PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If...

Exploits0
exploitdb
exploitdb
added 2008/04/19 12:0 a.m.51 views

AllMyGuests 0.4.1 - 'AMG_id' SQL Injection

Found by : -=Player=- Contacts : 282-246-419 ICQ Greatz to: LidlosesAuge, Suicide, enco, Free-Hack Script : AllMyGuests Site : http://www.php-resource.net/ Dork : "powered by AllMyGuests" Valnu : index.php Parameter: AMGid Injection:...

7.4AI score
Exploits0
prion
prion
added 2008/01/09 12:46 a.m.21 views

Sql injection

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via 1 the useremail parameter and possibly 2 username parameter in a Members action...

6.8CVSS9.1AI score0.00914EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2007/09/26 10:17 p.m.18 views

CVE-2007-5105

Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...

4.3CVSS5.7AI score0.04381EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2007/09/26 10:17 p.m.33 views

CVE-2007-5105

Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...

4.3CVSS6.1AI score0.04381EPSS
Exploits0References2
cvelist
cvelist
added 2007/09/26 10:0 p.m.28 views

CVE-2007-5105

Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...

5.7AI score0.04381EPSS
Exploits0References6
cve
cve
added 2007/09/26 10:0 p.m.60 views

CVE-2007-5105

CVE-2007-5105 is a Cross-site Scripting (XSS) flaw in WordPress versions 2.0 and 2.0.1, exploitable via the user_email parameter in wp-register.php. The underlying issue is a script/HTML injection vulnerability that remote attackers can trigger, as documented across multiple sources (WordPress wp...

4.3CVSS5.6AI score0.04381EPSS
Exploits0References6Affected Software1
debiancve
debiancve
added 2007/09/26 10:0 p.m.31 views

CVE-2007-5105

Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...

4.3CVSS4.2AI score0.04381EPSS
Exploits0
patchstack
patchstack
added 2007/09/26 12:0 a.m.24 views

WordPress <= 2.0.1 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "useremail" parameter. Solution Update WordPress...

4.3CVSS2.8AI score0.04381EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder