Search
Search Results (28 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25538 | 2 Konradpl99, Sourceforge | 2 202cms, 202cms | 2026-03-20 | 8.2 High |
| 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents. | ||||
| CVE-2019-25539 | 2 Konradpl99, Sourceforge | 2 202cms, 202cms | 2026-03-20 | 8.2 High |
| 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information. | ||||
| CVE-2018-25178 | 2 Rul10, Sourceforge | 2 Easyndexer, Easyndexer | 2026-03-16 | 7.5 High |
| Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files. | ||||
| CVE-2018-25190 | 2 Rul10, Sourceforge | 2 Easyndexer, Easyndexer | 2026-03-16 | 5.3 Medium |
| Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username, password, name, surname, and privileges set to 1 for administrator access. | ||||
| CVE-2001-0234 | 1 Sourceforge | 1 Newsdaemon | 2025-04-03 | N/A |
| NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter. | ||||
| CVE-2005-4837 | 3 Net-snmp, Redhat, Sourceforge | 3 Net-snmp, Enterprise Linux, Net-snmp | 2025-04-03 | N/A |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | ||||
| CVE-2002-2364 | 1 Sourceforge | 1 Php Ticket | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket. | ||||
| CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | ||||