36 matches found

CVE
added 2026/01/07 11:9 p.m. | 7 views

CVE-2017-20212

The CVE-2017-20212 entry concerns FLIR Thermal Camera F/FC/PT/D firmware 8.0.0.64. Affected component: the web application path /var/www/data/controllers/api/xml.php, where readFile() reads local files without authentication. Root cause: unverified input parameters allow information disclosure. I...

CVSS 8.7 | AI score 5.9 | EPSS 0.00354
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2009-4825

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00233
Exploits: 0 | References: 3
Github Security Blog
added 2023/12/19 12:30 p.m. | 21 views

Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality...

CVSS 6.5 | AI score 6.6 | EPSS 0.00284
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2023/12/19 12:30 p.m. | 10 views

GHSA-67GV-XRW7-P72W Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality...

CVSS 6.5 | AI score 6.1 | EPSS 0.00284
Exploits: 1 | References: 5
NVD
added 2023/12/19 10:15 a.m. | 8 views

CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 6.5 | EPSS 0.00284
Exploits: 1 | References: 3
OSV
added 2023/12/19 10:15 a.m. | 10 views

CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 6.5 | AI score 6.7
Exploits: 0 | References: 3
Prion
added 2023/12/19 10:15 a.m. | 14 views

Cross site request forgery (csrf)

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 4.3 | AI score 6.6 | EPSS 0.00284
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2023/12/19 10:15 a.m. | 20 views

CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 6.5 | AI score 6.7 | EPSS 0.00284
Exploits: 1 | References: 5
CNNVD
added 2023/12/19 12:0 a.m. | 1 view

phpSysInfo security vulnerability

phpSysInfo is an open source, customizable PHP script that does a great job of displaying information about your system. A security vulnerability exists in phpSysInfo version 3.4.3, which stems from a cross-site request forgery in XML.php...

CVSS 6.5 | AI score 6.6 | EPSS 0.00284
Exploits: 1 | References: 2
Debian CVE
added 2023/12/19 12:0 a.m. | 15 views

CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

CVSS 6.5 | AI score 6.2 | EPSS 0.00284
Exploits: 1
Cvelist
added 2023/12/19 12:0 a.m. | 14 views

CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...

AI score 6.4 | EPSS 0.00284
Exploits: 1 | References: 3
CVE
added 2023/12/19 12:0 a.m. | 44 views

CVE-2023-49006

CVE-2023-49006 affects Phpsysinfo 3.4.3 and is a Cross-Site Request Forgery (CSRF) vulnerability. The claim states that a crafted page in XML.php can cause a remote attacker to obtain sensitive information. Affected component is Phpsysinfo (XML.php as the attack surface); root cause is CSRF, enab...

CVSS 6.5 | AI score 6.1 | EPSS 0.00284
Exploits: 1 | References: 3 | Affected Software: 1
Huntr
added 2023/04/27 5:51 p.m. | 15 views

XML.php JSONP hijacking

Description: The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept: We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

AI score 6.9
Exploits: 0
NVD
added 2021/02/22 12:15 a.m. | 13 views

CVE-2021-27513

The module adminITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."...

CVSS 8.8 | EPSS 0.4441
Exploits: 2 | References: 2
Prion
added 2021/02/22 12:15 a.m. | 11 views

Code injection

The module adminITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."...

CVSS 6.5 | AI score 8.9 | EPSS 0.4441
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2021/02/21 11:5 p.m. | 15 views

CVE-2021-27513

The module adminITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."...

AI score 9.2 | EPSS 0.4441
Exploits: 2 | References: 2
CNVD
added 2017/10/20 12:0 a.m. | 1 view

WordPress Store Locator Plugin SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that lets users set up a personal blog site on servers supporting PHP and MySQL. Store Locator is one of its store locator plugins. A SQL injection vulnerability exists in WordPress Sto...

CVSS 9.8 | AI score 9.6 | EPSS 0.02546
Exploits: 1 | References: 1
seebug.org
added 2017/01/05 12:0 a.m. | 14 views

Dolphin v7.3.0 /flash/XML.php parameter key SQL injection vulnerabilities

No description provided by source...

AI score 7.1
Exploits: 0
WPVulnDB
added 2015/02/19 12:0 a.m. | 9 views

WordPress Store Locator 3.33.1 - SQL Injection

Using a combination of GET fields, it is possible to perform a SQL Injection attack using the ‘sl-xml.php’ script. This injection is performed on the LIMIT of the SQL query, however retrieving data via this vulnerability is very easy, due to the outputting of the resulting SQL error by the script...

AI score 0.6
Exploits: 0 | References: 1 | Affected Software: 1
UbuntuCve
added 2013/08/21 4:55 p.m. | 20 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 5.8 | EPSS 0.00881
Exploits: 1 | References: 4