33 matches found
CVE-2023-2408
A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotel...
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
A vulnerability in the D-Link DIR816L router’s firmware allows a hacker to gain access to the folder_view.php and category_view.php folders.
The vulnerability in the D-Link DIR816L router’s firmware is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to the folders folder_view.php and category_view.php...
CVE-2022-2017
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/viewvisit.php of the component Visit Handler. The manipulation of the argument id with the input...
CVE-2021-4134
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...
CVE-2017-14345
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...
PT-2017-17139
Name of the Vulnerable Software and Affected Versions: webpagetest version 3.0 Description: A Cross-Site Scripting (XSS) issue exists due to insufficient filtration of user-supplied data, specifically the bgcolor variable, passed to the "webpagetest-master/www/video/view.php" URL. This allows an...
PT-2012-2069 · Gr Board · Gboard
Name of the Vulnerable Software and Affected Versions: GR Board version 1.8.6.5 Community Edition Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the tableType or blindTarget parameter to "view.php", the delTargets0 parameter to "view...
CVE-2010-4979
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the imageid parameter...
CVE-2010-4978
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the imageid parameter...
CVE-2010-5001
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Web Solutions Wcs2u - SQL Injection
Title: Web Solutions Wcs2u SQL Injection Vulnerability Vendor or Software Link: http://www.wcs2u.com/ Author: tempemendoan Contact: [email protected] Google Dork: inurl:"gorengan tempe" intext:"Engineered by WCS2U.COM" === POC === » http://website/index.php?id=SQL »...
CVE-2007-6508
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter...