Search Results (366567 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-46458 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter.
CVE-2021-46457 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter.
CVE-2021-46456 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter.
CVE-2021-46455 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.
CVE-2021-46454 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter.
CVE-2021-46453 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter.
CVE-2021-46452 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.
CVE-2021-46451 1 Online Project Time Management System Project 1 Online Project Time Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.
CVE-2021-46448 1 Hhg-multistore 1 Multistore 2024-11-21 9.8 Critical
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID.
CVE-2021-46447 1 Hhg-multistore 1 Multistore 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module.
CVE-2021-46446 1 Hhg-multistore 1 Multistore 2024-11-21 9.8 Critical
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID.
CVE-2021-46445 1 Hhg-multistore 1 Multistore 2024-11-21 9.8 Critical
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id.
CVE-2021-46444 1 Hhg-multistore 1 Multistore 2024-11-21 9.8 Critical
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID.
CVE-2021-46442 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 9.8 Critical
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
CVE-2021-46441 1 Dlink 2 Dir-825, Dir-825 Firmware 2024-11-21 8.8 High
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
CVE-2021-46440 1 Strapi 1 Strapi 2024-11-21 7.5 High
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks.
CVE-2021-46437 1 Zzcms 1 Zzcms 2024-11-21 4.8 Medium
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
CVE-2021-46436 1 Zzcms 1 Zzcms 2024-11-21 7.2 High
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
CVE-2021-46434 1 Emqx 1 Emqx 2024-11-21 5.3 Medium
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid
CVE-2021-46433 1 Fenom Project 1 Fenom 2024-11-21 10.0 Critical
In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.