Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-19960: vuln_repo/zzcms2019 SQL injection vulnerability in dl_sendsms.php.md at master · zhuxianjin/vuln_repo

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.

CVE
#sql#vulnerability

Related news

CVE-2020-18263: SQL injection vulnerability in search.php · Issue #1 · harshitbansal373/PHP-CMS

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.

CVE-2021-36181: PSIRT Advisories | FortiGuard

A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.

CVE-2020-23050

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.

CVE-2021-25969: WhiteSource Vulnerability Database

In “Camaleon CMS” application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

CVE-2021-25968: Open Source Vulnerability Database | WhiteSource

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

CVE-2020-19957: vuln_repo/zzcms2019 SQL injection vulnerability in dl_print.php.md at master · zhuxianjin/vuln_repo

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

CVE-2020-19961: vuln_repo/zzcms2019 SQL injection vulnerability in subzs.php.md at master · zhuxianjin/vuln_repo

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.

CVE-2020-19959: vuln_repo/zzcms2019 SQL injection vulnerability in dl_sendmail.php.md at master · zhuxianjin/vuln_repo

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.

CVE-2021-25964: WhiteSource Vulnerability Database

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

CVE-2021-34356: Stored XSS Vulnerabilities in Photo Station - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later

CVE-2021-34354: Stored XSS Vulnerabilities in Photo Station - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later

CVE-2021-34355: Stored XSS Vulnerability in Photo Station - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later

CVE-2021-38675: Stored XSS Vulnerability in Image2PDF - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later

CVE-2021-25963: General: fix critical views that can be subject of XSS attacks · shuup/shuup@75714c3

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.

CVE-2014-3704: oss-security - Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907