116 matches found
CVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...
CVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal...
Information Disclosure
matrixsynapse is vulnerable to Information Disclosure. The vulnerability is caused by a missing validation check for the userid parameter used to query cached device information of remote users. This can lead to enumerating the remote users known to a homeserver...
CVE-2023-1940
A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file deleteuserquery.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05740)
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...
CVE-2022-47859
Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...
CVE-2022-47859
Lead Management System v1.0 is vulnerable to SQL Injection via the userid parameter in changePassword.php...
CVE-2022-34621
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference IDOR vulnerability which allows attackers to modify user passwords and other attributes via modification of the userid parameter...
CVE-2022-27960
CVE-2022-27960 affects OFCMS v1.1.4. The issue stems from insecure permissions configured in the user_id parameter within SysUserController.java, enabling an attacker to access and arbitrarily modify users’ personal information. The Network vulnerability arises from insufficient access control on...
中天网络科技 OFCMS 安全漏洞
Zhongtian Network Technology OFCMS is a content management system CMS developed by China Zhongtian Network Technology Company using Java language. A security vulnerability exists in OFCMS v1.1.4, which originates from an insecure privilege configured in the userid parameter in...
CVE-2019-18663
A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the userid parameter...
Design/Logic Flaw
An arbitrary password reset issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It is possible due to lack of verification and correlation between the reset password key sent by mail and the userid parameter to reset the password of another user. One only needs to know the...
Cross site scripting
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the userid parameter to signup.php...
CVE-2014-9918
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the userid parameter to signup.php...
CVE-2014-9918
The connected documents confirm a Stored XSS vulnerability in Bilboplanet 2.0 affecting the signup.php endpoint via the user_id parameter. Root cause and technical details are not expanded beyond this description in the provided sources; no explicit exploit code or affected versions are listed. P...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
Limits of the OA system /inc/finger/use_finger.php file USER_ID parameter SQL injection vulnerability
No description provided by source...
phpok最新版一处注入
简要描述: 最近没什么代码审计漏洞 给个前台呗 详细说明: phpok最新版 20141119 问题文件:/framework/model/data.php //还是老问题 //取得文章列表 public function arclist$rs 第102-105行: if$rs'userid' $sql.= "AND l.userid IN".$rs'userid'." "; $rs'userid' 是直接进入查询的造成注入 现在就是找哪个地方应用了 function arclist是从 function arclist过来的 找下arclist 找了下一共2个地方 一个不行 另一个就可...
Sql injection
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...
CVE-2014-5520
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...