19 matches found
EUVD-2019-19782
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2019-25511
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2019-25511
CVE-2019-25511 describes an SQL injection in the Jettweb PHP Hazir Haber Sitesi Scripti V3. An unauthenticated attacker can manipulate queries by supplying malicious values to the videoid parameter in GET requests to fonksiyonlar.php, using UNION-based injection to exfiltrate data. The CVSS metri...
CVE-2019-25511
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2019-25511 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2019-25511 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V3 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the videoid parameters, which may allow unauthenticated...
PT-2026-24971
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2025-13849
The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13849
The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13849 Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13849 Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13849
CVE-2025-13849 — Cool YT Player for WordPress : A stored XSS flaw exists in the Cool YT Player plugin for WordPress via the videoid parameter for versions up to 1.0. The vulnerability enables an authenticated attacker with Contributor+ privileges to inject script that executes when users view the...
PT-2026-1610
Name of the Vulnerable Software and Affected Versions The Cool YT Player plugin for WordPress versions prior to 1.1 Description The Cool YT Player plugin for WordPress is susceptible to Stored Cross-Site Scripting through the videoid parameter. Insufficient input sanitization and output escaping...
EUVD-2010-2468
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow 1 remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php ...
CVE-2010-2458
Cross-site scripting XSS vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter...
CVE-2010-2459
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter...
CVE-2009-3066
Multiple cross-site scripting XSS vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 videoid parameter to tools/email.php and 2 redirect parameter to tools/login.php...