Lucene search
40 matches found

Cvelist
added 2026/04/05 8:45 p.m., 18 views

CVE-2019-25664 SuiteCRM 7.10.7 SQL Injection via record Parameter

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1, EPSS 0.00058
Exploits: 1, References: 4

RedhatCVE
added 2026/01/16 12:24 a.m., 3 views

CVE-2025-70891

A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated...

CVSS 6.1, AI score 5.8, EPSS 0.00023
Exploits: 2, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2009-3135

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01346
Exploits: 2, References: 5

CNVD
added 2025/08/04 12:0 a.m., 1 views

Human Resource Integrated System action.php File Cross-Site Scripting Vulnerability

Human Resource Integrated System is a human resource management system. A cross-site scripting vulnerability exists in Human Resource Integrated System, which originates from the unspecified parameter content not being security filtered in the /insert-and-view/action.php file. An attacker could...

CVSS 5.4, AI score 6.2, EPSS 0.00221
Exploits: 1, References: 1

CNNVD
added 2025/08/03 12:0 a.m., 1 views

Code-Projects Human Resource Integrated System Code Injection Vulnerability

Human Resource Integrated System is a human resource management system. A cross-site scripting vulnerability exists in Human Resource Integrated System, which originates from the unspecified parameter content not being security filtered in the /insert-and-view/action.php file. An attacker could...

CVSS 5.4, AI score 4.4, EPSS 0.00221
Exploits: 1, References: 6

RedhatCVE
added 2025/05/23 12:41 a.m., 3 views

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

CVSS 8.8, AI score 8.3, EPSS 0.00257
Exploits: 1, References: 1

ATTACKERKB
added 2022/06/24 2:15 a.m., 2 views

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

CVSS 8.8, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 3

OSV
added 2022/06/24 2:15 a.m., 1 views

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

CVSS 8.8, AI score 7.3, EPSS 0.00257
Exploits: 1, References: 2

CNNVD
added 2022/06/24 12:0 a.m., 1 views

Prison Management System SQL Injection Vulnerability

Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection, which originates from the application's /pms/admin/actions/viewaction.php. The vulnerability is caused by the lack of SQL data filter escapin...

CVSS 8.8, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 3

Prion
added 2015/01/03 11:59 a.m., 6 views

SQL injection

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the filename parameter in an attachment action, (2) the post parameter in a showcomment action, (3) the sys-name parameter in an rssfeed action, or (4) the...

CVSS 7.5, AI score 9.2, EPSS 0.00247
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2015/01/03 11:0 a.m., 15 views

CVE-2010-5317

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the filename parameter in an attachment action, (2) the post parameter in a showcomment action, (3) the sys-name parameter in an rssfeed action, or (4) the...

AI score 8.5, EPSS 0.00247
Exploits: 1, References: 1

0day.today
added 2014/11/10 12:0 a.m., 35 views

Progress OpenEdge 11.2 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Progress OpenEdge Directory Traversal Date: 30/10/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.progress.com Software Link: www.progress.com/products/openedge Version: 11.2 Tested on: Windows OS CVE : CVE-2014-8555 T...

CVSS 5, EPSS 0.03515
Exploits: 4

OSV
added 2012/02/18 12:55 a.m., 2 views

DEBIAN-CVE-2011-4923

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...

CVSS 4.3, AI score 5.8, EPSS 0.00591
Exploits: 0, References: 1

UbuntuCve
added 2012/02/18 12:55 a.m., 13 views

CVE-2012-1198

baseagmain.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action...

CVSS 7.5, AI score 6.2, EPSS 0.04232
Exploits: 1, References: 1

Prion
added 2012/02/02 5:55 p.m., 8 views

SQL injection

SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php...

CVSS 7.5, AI score 9, EPSS 0.00262
Exploits: 0, References: 3

ATTACKERKB
added 2011/11/01 10:55 p.m., 2 views

CVE-2010-4995

SQL injection vulnerability in the NeoRecruit comneorecruit component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offerview action to index.php, a different vector than CVE-2007-4506...

CVSS 7.5, AI score 6.4, EPSS 0.01219
Exploits: 1, References: 7

Prion
added 2011/10/08 10:55 a.m., 15 views

SQL injection

SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action...

CVSS 7.5, AI score 9, EPSS 0.00389
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2011/10/08 10:0 a.m., 11 views

CVE-2010-4912

SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action...

AI score 8.3, EPSS 0.00389
Exploits: 1, References: 4

NVD
added 2011/02/23 1:0 a.m., 6 views

CVE-2011-1063

Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) datatitle parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php...

CVSS 4.3, AI score 5.8, EPSS 0.00401
Exploits: 1, References: 5

Prion
added 2011/02/23 1:0 a.m., 5 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design Photopad 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) datatitle parameters in an edit action to files.php, or (3) id parameter in a view action to gallery.php...

CVSS 4.3, AI score 6, EPSS 0.00401
Exploits: 1, References: 5, Affected Software: 1