CVE-2016-9471

LOW Year: 2016
CVSS v3 Score
3.1
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-75
View all →

Vulnerability Description

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.

Related Vulnerabilities

CVE-2021-22910

CRITICAL
CVSS:9.8(Critical)

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

CWE-752021

CVE-2021-22911

CRITICAL
CVSS:9.8(Critical)

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.

CWE-752021

CVE-2024-35373

CRITICAL
CVSS:9.8(Critical)

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.

CWE-752024

CVE-2024-39243

CRITICAL
CVSS:9.8(Critical)

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.

CWE-752024

CVE-2022-24039

CRITICAL
CVSS:9.0(Critical)

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize ...

CWE-752022

CVE-2023-1758

HIGH
CVSS:8.9(High)

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

CWE-752023