Lucene search
+L

116 matches found

Vulnrichment
Vulnrichment
added 2024/01/02 12:0 a.m.5 views

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

5.2AI score0.00662EPSS
Exploits3References3
Cvelist
Cvelist
added 2024/01/02 12:0 a.m.32 views

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...

5.1AI score0.00662EPSS
Exploits3References3
Veracode
Veracode
added 2023/11/01 8:58 a.m.20 views

Information Disclosure

matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...

5.3CVSS6.8AI score0.00897EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2023/04/07 6:15 p.m.2 views

CVE-2023-1940

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file deleteuserquery.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

9.1CVSS6.5AI score0.00641EPSS
Exploits1References3
CNVD
CNVD
added 2023/01/14 12:0 a.m.24 views

Lead Management System SQL Injection Vulnerability (CNVD-2023-05740)

Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...

9.8CVSS3.6AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2023/01/11 3:15 p.m.26 views

CVE-2022-47859

Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...

9.8CVSS9.8AI score0.00872EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/01/11 12:0 a.m.33 views

CVE-2022-47859

Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...

10AI score0.00872EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/19 1:21 p.m.29 views

CVE-2022-34621

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...

6.7AI score0.01106EPSS
Exploits0References5
CVE
CVE
added 2022/04/10 9:1 p.m.77 views

CVE-2022-27960

CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...

5.5CVSS5.5AI score0.00459EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/04/10 12:0 a.m.3 views

中天网络科技 OFCMS 安全漏洞

Zhongtian Network Technology OFCMS is a content management system CMS developed by China Zhongtian Network Technology Company using Java language. A security vulnerability exists in OFCMS v1.1.4, which originates from an insecure privilege configured in the userid parameter in...

5.5CVSS5.8AI score0.00459EPSS
Exploits1References2
NVD
NVD
added 2019/11/04 8:15 p.m.13 views

CVE-2019-18663

A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the userid parameter...

9.8CVSS10AI score0.01428EPSS
Exploits1References1
Prion
Prion
added 2019/06/21 6:15 p.m.19 views

Design/Logic Flaw

An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible due to lack of verification and correlation between the reset password key sent by mail and the userid parameter to reset the password of another user. One only needs to know the...

4CVSS8.7AI score0.01238EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/05/15 2:29 p.m.18 views

Cross site scripting

An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the userid parameter to signup.php...

4.3CVSS6AI score0.00799EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/05/15 2:29 p.m.25 views

CVE-2014-9918

An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the userid parameter to signup.php...

6.1CVSS5.9AI score0.00799EPSS
Exploits1References1
CVE
CVE
added 2019/05/15 1:21 p.m.42 views

CVE-2014-9918

The connected documents confirm a Stored XSS vulnerability in Bilboplanet 2.0 affecting the signup.php endpoint via the user_id parameter. Root cause and technical details are not expanded beyond this description in the provided sources; no explicit exploit code or affected versions are listed. P...

6.1CVSS5.8AI score0.00799EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/03/06 4:29 p.m.24 views

CVE-2019-9594

BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...

9.8CVSS9.9AI score0.01452EPSS
Exploits1References1
seebug.org
seebug.org
added 2016/08/04 12:0 a.m.19 views

Limits of the OA system /inc/finger/use_finger.php file USER_ID parameter SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/25 12:0 a.m.20 views

phpok最新版一处注入

简要描述: 最近没什么代码审计漏洞 给个前台呗 详细说明: phpok最新版 20141119 问题文件:/framework/model/data.php //还是老问题 //取得文章列表 public function arclist$rs 第102-105行: if$rs'userid' $sql.= "AND l.userid IN".$rs'userid'." "; $rs'userid' 是直接进入查询的造成注入 现在就是找哪个地方应用了 function arclist是从 function arclist过来的 找下arclist 找了下一共2个地方 一个不行 另一个就可...

7.1AI score
Exploits0
Prion
Prion
added 2014/10/26 8:55 p.m.18 views

Sql injection

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...

7.5CVSS9.1AI score0.02555EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2014/10/26 8:0 p.m.31 views

CVE-2014-5520

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...

8.4AI score0.02555EPSS
Exploits1References6
Rows per page
Query Builder