13 matches found
CVE-2024-28714
SQL Injection vulnerability in CRMEBJava e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
CVE-2024-25469
SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...
OpenFGA DoS vulnerability
Overview: OpenFGA is vulnerable to a DoS attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and the service as a whole becomes unresponsive. Fix: Upgrade to v1.3.4. This upgrade is backwards...
LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS; Exploit Author: Peithon; Vendor Homepage: https://github.com/eddy8/LightCMS; Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4; Version: 1.3.4; Tested on: latest version of Chrome, Firefox on Windows and Linux; CVE: CVE-2021-335...
CVE-2021-3355
A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords...
Input validation
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request...
CVE-2018-7785
CVE-2018-7785 affects Schneider Electric’s U.motion Builder software prior to version 1.3.4. The vulnerability is a remotely exploitable command injection that leads to authentication bypass, with high/critical impact reported (network access, no authentication, full or partial compromise of conf...
CVE-2018-7766
The CVE-2018-7766 vulnerability affects Schneider Electric U.motion Builder software prior to v1.3.4. It is caused by an SQL injection in the underlying SQLite query during processing of track_getdata.php, using the id input parameter. Reported impacts per the entry include high CVSS3 base metric...
CVE-2017-1000071
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server...
USB Sharp v1.3.4 iPad iPhone - Multiple Web Vulnerabilities
Document Title: USB Sharp v1.3.4 iPad iPhone - Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=873; Release Date: 2013-02-16; Vulnerability Laboratory ID (VL-ID): ...