8.8

CVSS4.0

CVE-2019-25580 - ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the I…

Published: March 21, 2026, 3:30 p.m. | Last Modified: April 15, 2026, 4:49 p.m.

8.7

CVSS4.0

CVE-2019-25579 - phpTransformer 2016.9 Directory Traversal via jQueryFileUpload

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and re…

Published: March 21, 2026, 3:30 p.m. | Last Modified: April 22, 2026, 3:45 a.m.

8.8

CVSS4.0

CVE-2019-25578 - phpTransformer 2016.9 SQL Injection via GeneratePDF.php

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensi…

Published: March 21, 2026, 3:30 p.m. | Last Modified: March 27, 2026, 9:21 a.m.

6.8

CVSS4.0

CVE-2019-25577 - SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with…

Published: March 21, 2026, 3:30 p.m. | Last Modified: April 15, 2026, 4:57 p.m.

8.8

CVSS4.0

CVE-2019-25576 - Kepler Wallpaper Script 1.1 SQL Injection via category

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extra…

Published: March 21, 2026, 3:30 p.m. | Last Modified: April 15, 2026, 5:07 p.m.

8.8

CVSS4.0

CVE-2019-25575 - SimplePress CMS 1.0.7 SQL Injection via p and s Parameters

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information in…

Published: March 21, 2026, 3:30 p.m. | Last Modified: April 15, 2026, 5:09 p.m.

7.1

CVSS4.0

CVE-2019-25574 - Green CMS 2.x Path Traversal Arbitrary File Download

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-encoded file paths to …

Published: March 21, 2026, 3:30 p.m. | Last Modified: March 25, 2026, 2:47 p.m.

7.1

CVSS4.0

CVE-2019-25573 - Green CMS 2.x SQL Injection via cat Parameter

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat par…

Published: March 21, 2026, 3:30 p.m. | Last Modified: March 25, 2026, 2:47 p.m.

5.3

CVSS4.0

CVE-2026-4516 - Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be…

Published: March 21, 2026, 3:02 p.m. | Last Modified: March 25, 2026, 2:47 p.m.

6.9

CVSS4.0

CVE-2019-25572 - NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

Published: March 21, 2026, 12:47 p.m. | Last Modified: April 15, 2026, 5:12 p.m.

Total results: 349182