23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-26724

Malicious code in bioql PyPI...

7.2 CVSS · 6.6 AI score · 0.00094 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/09/06 12:23 a.m. · 4 views

CVE-2025-57263

An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel...

7.2 CVSS · 7.9 AI score · 0.00094 EPSS
Exploits 1 · References 1
OSV
added 2025/09/04 2:15 p.m. · 0 views

CVE-2025-57263

An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2025/09/04 12:0 a.m. · 1 views

VX Guestbook security vulnerability

VX Guestbook is a guestbook program by the individual developer of VX Guestbook. A security vulnerability exists in VX Guestbook version 1.07, which originates from an SQL injection in the word parameter in the words.php admin panel, which could lead to malicious SQL payload injection...

7.2 CVSS · 7.7 AI score · 0.00094 EPSS
Exploits 1 · References 1
CVE
added 2025/09/04 12:0 a.m. · 12 views

CVE-2025-57263

The CVE-2025-57263 entry concerns VX Guestbook 1.07 with an authenticated SQL injection via the word POST parameter in the words.php admin panel. Attackers with admin privileges can inject malicious SQL payloads, indicating impact to data confidentiality, integrity, and availability as described ...

7.2 CVSS · 7.4 AI score · 0.00094 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2025/09/04 12:0 a.m. · 4 views

CVE-2025-57263

An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel...

0.00094 EPSS
Exploits 1 · References 1
Positive Technologies
added 2025/09/04 12:0 a.m. · 3 views

PT-2025-35939

Name of the Vulnerable Software and Affected Versions: VX Guestbook version 1.07
Description: An authenticated SQL injection vulnerability exists in VX Guestbook version 1.07. Attackers with admin access can inject malicious SQL payloads via the word POST parameter in the words.php admin panel...

7.2 CVSS · 7.3 AI score · 0.00094 EPSS
Exploits 1 · References 6
NVD
added 2024/09/02 5:15 a.m. · 10 views

CVE-2024-7871

SQL Injection in the online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...

8.8 CVSS · 0.00457 EPSS
Exploits 0 · References 1
OSV
added 2024/09/02 5:15 a.m. · 0 views

CVE-2024-7871

SQL Injection in the online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...

8.7 CVSS · 6.1 AI score
Exploits 0 · References 1
CVE
added 2024/09/02 4:0 a.m. · 43 views

CVE-2024-7871

CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...

8.8 CVSS · 9 AI score · 0.00457 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/09/02 12:0 a.m. · 1 views

Huachu Digital Easytest Online Test Platform security vulnerability

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and prior versions, which originates from allowing remote authenticated users to execute arbitrary SQL command...

8.8 CVSS · 7.9 AI score · 0.00457 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/09/01 12:0 a.m. · 2 views

PT-2024-38648 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier
Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the word parameter in the online dictionary function. This can potentially lead to...

8.8 CVSS · 8.2 AI score · 0.00457 EPSS
Exploits 0 · References 7
CVE
added 2024/04/30 12:0 a.m. · 52 views

CVE-2024-33101

CVE-2024-33101 concerns a stored XSS in ThinkSAAS v3.7.0, specifically in the /action/anti.php component, where a crafted payload injected into the word parameter can cause arbitrary web script/HTML execution. The issue is confirmed across multiple sources (Red Hat, NVD, OSV, CVE lists) with a co...

6.1 CVSS · 5.6 AI score · 0.00825 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/04/30 12:0 a.m. · 2 views

PT-2024-25114 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0
Description: A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...

6.1 CVSS · 5.1 AI score · 0.00825 EPSS
Exploits 1 · References 7
CNNVD
added 2023/01/07 12:0 a.m. · 1 views

Search Results SQL injection vulnerability

Search Results is an application by Forumhulp.com individual developers. It records the search terms searched by visitors. Search Results suffers from an SQL injection vulnerability that stems from a problem with the function listkeywords in the file event/listener.php, where manipulation of the...

9.8 CVSS · 6.5 AI score · 0.00904 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/01/07 12:0 a.m. · 3 views

PT-2023-10332 · Forumhulp · Forumhulp

Name of the Vulnerable Software and Affected Versions: ForumHulp affected versions not specified
Description: A critical issue was found in ForumHulp searchresults, affecting the list keywords function of the file event/listener.php. The manipulation of the word argument leads to SQL injection...

9.8 CVSS · 6.5 AI score · 0.00904 EPSS
Exploits 0 · References 9
Openbugbounty
added 2017/03/14 5:37 p.m. · 18 views

muiswerk.nl XSS vulnerability

Vulnerable URL: http://www.muiswerk.nl/mowb/?word=autonoom"alert/OPENBUGBOUNTY/...

6.9 AI score
Exploits 0
ATTACKERKB
added 2011/11/01 10:55 p.m. · 3 views

CVE-2010-4976

Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party information...

4.3 CVSS · 5.7 AI score · 0.04059 EPSS
Exploits 1 · References 7
NVD
added 2008/09/05 3:8 p.m. · 7 views

CVE-2008-3945

SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action...

7.5 CVSS · 8.3 AI score · 0.00485 EPSS
Exploits 0 · References 3
Prion
added 2006/04/11 11:2 p.m. · 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection...

4.3 CVSS · 7 AI score · 0.00438 EPSS
Exploits 0 · References 6 · Affected Software 1