168 matches found
CVE-2021-45803
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation...
CVE-2021-45803
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation...
MartDevelopers Iresturant SQL注入漏洞
MartDevelopers Iresturant is an open source lightweight restaurant Erp from MartDevelopers Kenya. used to integrate social restaurant operations into one system. a SQL injection vulnerability exists in MartDevelopers iResturant v1.0, which stems from adding this when viewing a reservation view...
Privilege Escalation
mysql is vulnerable to privilege escalation. A flaw was found in a way MySQL handled the "DEFINER" view parameter. A user with the "ALTER VIEW" privilege for a view created by another database user, could modify that view to get access to any data accessible to the creator of said view...
CVE-2019-7424
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to...
Joomla Component XMap SQL Injection Vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...
DEBIAN-CVE-2019-7339
POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...
DEBIAN-CVE-2019-6777
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter...
Design/Logic Flaw
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/spacepoll.php, as demonstrated by a mod=space do=poll request to home.php...
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/spacepoll.php, as demonstrated by a mod=space do=poll request to home.php...
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/spacepoll.php, as demonstrated by a mod=space do=poll request to home.php...
CVE-2018-5331
Discuz! DiscuzX X3.4 is affected by a cross-site scripting (XSS) vulnerability triggered by the view parameter sent to include/space/space_poll.php, demonstrated by a mod=space do=poll request to home.php. Multiple connected sources document the issue, but none provide exploit steps or concrete r...
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/spacepoll.php, as demonstrated by a mod=space do=poll request to home.php...
Muslim Matrimonial Script Cross-Site Scripting Vulnerability (CNVD-2018-01241)
Muslim Matrimonial Script is a community matrimonial script for matrimonial websites by PHP Scripts Mall. A cross-site scripting vulnerability exists in PHP Scripts Mall Muslim Matrimonial Script. The vulnerability can be exploited to conduct cross-site scripting attacks via the admin/stateview.p...
Code injection
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter...
PHP Scripts Mall Professional Service Script Cross-Site Scripting Vulnerability
Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site scripting vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability via the view parameter in...
phpMyBackupPro path traversal vulnerability (CNVD-2017-30647)
phpMyBackupPro is a free web-based MySql backup tool. The tool supports automatic backup, timed backup, off-site backup MySql database. A directory traversal vulnerability exists in the getfile.php file in phpMyBackupPro versions 2.1 through 2.5. A remote attacker can read arbitrary files with th...
phpMyBackupPro Path Traversal Vulnerability
phpMyBackupPro is a free web-based MySql backup tool. The tool supports automatic backup, timed backup, off-site backup MySql database. A directory traversal vulnerability exists in the getfile.php file in phpMyBackupPro versions 2.1 through 2.4. A remote attacker can read arbitrary files with th...
Directory traversal
Directory traversal vulnerability in getfile.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. dot dot in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this...
Joomla com_kide plugin 'view' parameter SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the 'view' parameter of the Joomla comkide plugin. An attacker can exploit the vulnerability to access or modify database data...