Lucene search
K

2185 matches found

CVE
CVE
added 2026/06/04 1:22 p.m.18 views

CVE-2019-25726

CVE-2019-25726 affects All in One Video Downloader 1.2. An SQL injection vulnerability exists in the admin page edit via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL queries and potentially extract sensitive data (usernames, databases, version details). The provid...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46200

Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46887

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.6.10.18 Shopware versions prior to 6.7.10.1 Description An attacker can enumerate administrator usernames by performing a timing attack. This occurs because the getUserEntityByUserCredentials function in the...

3.7CVSS5.5AI score0.00223EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

PHP EI-Tube Script SQL注入漏洞

The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...

8.8CVSS6.2AI score0.00262EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 10:16 p.m.9 views

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 9:0 p.m.29 views

CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

8.8CVSS0.00341EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 9:0 p.m.16 views

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection in zpro.php via the zProIdPro parameter, exploitable by authenticated users to run arbitrary SQL and exfiltrate sensitive DB info (usernames, databases, version). CVSS 4.0/3.1 base scores are HIGH (7.1) with NETWORK attack vector and LOW privileges requir...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 9:0 p.m.10 views

CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 9:3 a.m.11 views

CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

8.8CVSS5.8AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45356

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.56 Description Lack of authorization enforcement for backup functionalities allows an unauthenticated attacker to query backup-related endpoints. This can lead to the retrieval of backup archives containing user...

8.8CVSS5.4AI score0.00273EPSS
Exploits0References12
NVD
NVD
added 2026/05/30 4:17 p.m.18 views

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:17 p.m.27 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:17 p.m.28 views

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS0.00276EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:17 p.m.24 views

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:17 p.m.21 views

CVE-2018-25407

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 4:16 p.m.17 views

CVE-2018-25405

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.32 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.10 views

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.11 views

CVE-2018-25420 AiOPMSD Final 1.0.0 SQL Injection via watch.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 2:55 p.m.14 views

EUVD-2018-21942

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder