5 matches found
CVE-2022-46953
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savewindow...
GHSA-3Q6G-QMPX-RQW4 Whoogle Search Server-Side Request Forgery vulnerability
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
PT-2024-19273 · Unknown · Whoogle Search
Name of the Vulnerable Software and Affected Versions: Whoogle Search versions 0.8.3 and prior Description: Whoogle Search is a self-hosted metasearch engine. The window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method, which sends a GET...
PT-2023-15111 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/ajax.php?action=delete window" API endpoint...