8.8
CVE-2019-25456 - Web Ofisi Emlak v2 SQL Injection via ara Parameter
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cโฆ
8.8
CVE-2019-25455 - Web Ofisi E-Ticaret v3 SQL Injection via ara.html
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.
5.3
CVE-2026-2953 - Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed tโฆ
6.9
CVE-2026-2952 - Vaelsys HTTP POST Request tree_server.php os command injection
A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has bโฆ
8.8
CVE-2019-25391 - Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functionsโฆ
8.8
CVE-2019-25366 - microASP Portal+ CMS SQL Injection via pagina.phtml
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and conโฆ
8.8
CVE-2019-25440 - WebIncorp ERP Every version SQL Injection via product_detail.php
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database informatiโฆ
8.8
CVE-2019-25439 - NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive databโฆ
8.8
CVE-2019-25433 - XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar_pdf.php endpoint with malicious cid values to extract sensitive database informaโฆ
5.1
CVE-2026-2947 - rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed reโฆ