CVE-2023-40942
Tenda AC9 V3.0BRV15.03.06.42multiTD01 was discovered to contain a stack overflow via the parameter 'firewallvalue' at URL /goform/SetFirewallCfg...
CVE-2023-38767
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php...
PT-2023-26595 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0. Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the value and custom parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0, as...
There is no way for native tokens to get sent to InterchainProposalExecutor
Vulnerability details. Impact: Proposals that require value cannot be executed, as native tokens on the other side of the bridge cannot be provided. Proof of Concept: Proposals have a value parameter, which allows users to specify what amount of native tokens should be passed when calli...
PT-2023-9942 · Unknown · Php-Form-Builder-Class
Name of the Vulnerable Software and Affected Versions: manikandan170890 php-form-builder-class (affected versions not specified). Description: A vulnerability has been found in the Textarea Handler component of the php-form-builder-class, specifically in the file PFBC/Element/Textarea.php. The...
SQL injection
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue' parameter in the...
Rukovoditel cross-site scripting vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A cross-site scripting vulnerability exists in Rukovoditel version 3.2.1, which stems from the Value parameter...
CVE-2022-35154
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter...
PT-2022-22604 · Unknown · Shopro Mall System
Name of the Vulnerable Software and Affected Versions: Shopro Mall System version 1.3.8. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the value parameter. Recommendations: For Shopro Mall System version 1.3.8, consider restricting acce...
Shopro Mall System SQL injection vulnerability
XPTECH Shopro Mall System is a mall management system from China's XPTECH company. A security vulnerability exists in Shopro Mall System v1.3.8, which originates from the discovery of a SQL injection vulnerability via the value parameter...
The vulnerability of the WWebView component of MCE Systems’ mobile device lifecycle management system allows a hacker to execute arbitrary commands.
The vulnerability of MCE Systems’ WWebView component in mobile device lifecycle management systems lies in the lack of measures taken to neutralize special elements used by the operating system when processing the value parameter. Exploiting this vulnerability allows an attacker to execute...
CVE-2021-28290
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter...
Genesys Intelligent Workload Distribution SQL injection vulnerability
Genesys Intelligent Workload Distribution (IWD) is an application from Genesys, Inc. It can be used with the Genesys Customer Interaction Management (CIM) platform to assign tasks to the resources best suited to handle them. A SQL injection vulnerability exists in Genesys Intelligent Workload...
CVE-2021-39412
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, the (2) value parameter in examplessupport/editableajax.php, and the (3) PHPSELF...
CVE-2020-8288
The specializedRendering function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the value parameter...
Rocket.Chat server cross-site scripting vulnerability
Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in Rocket.Chat server versions prior to 3.9.2, which stems from the value parameter. No details of the vulnerability are available at this time...
Design/Logic Flaw
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter...