63 matches found
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
Sql injection
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname,userlastname, or useremail parameters...
CVE-2021-41674
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...
CVE-2021-41674
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...
CVE-2021-41674
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the useremail parameter in /admin/login.php...
Online Job Portal 1.0 - (user_email) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Job Portal 1.0 - 'useremail' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
CVE-2015-9482
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
Netartmedia Real Estate Portal 5.0 SQL Injection
Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Amit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Version: 5.0 Tested on: Kali Linux CVE: N/A Description: The...
CVE-2013-7349
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 newsid parameter to news/send.php, 2 threadid parameter to posts/edit.php, or 3 useremail parameter to users/password.php or 4 users/register.php. NOTE: these issues were SPLIT...
CVE-2012-3805
Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...
Pligg CMS 9.9.0 - 'story.php' SQL Injection
|| | | Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script : http://www.pligg.com/ | | DorK : Powered By Pligg | Legal: License...
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If...
AllMyGuests 0.4.1 - 'AMG_id' SQL Injection
Found by : -=Player=- Contacts : 282-246-419 ICQ Greatz to: LidlosesAuge, Suicide, enco, Free-Hack Script : AllMyGuests Site : http://www.php-resource.net/ Dork : "powered by AllMyGuests" Valnu : index.php Parameter: AMGid Injection:...
Sql injection
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via 1 the useremail parameter and possibly 2 username parameter in a Members action...
CVE-2007-5105
Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...
CVE-2007-5105
Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...
CVE-2007-5105
Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...
CVE-2007-5105
CVE-2007-5105 is a Cross-site Scripting (XSS) flaw in WordPress versions 2.0 and 2.0.1, exploitable via the user_email parameter in wp-register.php. The underlying issue is a script/HTML injection vulnerability that remote attackers can trigger, as documented across multiple sources (WordPress wp...
CVE-2007-5105
Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...
WordPress <= 2.0.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "useremail" parameter. Solution Update WordPress...