Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Alive Parish 2.0.4 allows hackers to access sensitive data and execute malicious code
CVE-2018-25176
Summary
A security flaw in Alive Parish 2.0.4 lets hackers access sensitive information and do bad things to your system by manipulating search requests and uploading files. This is a serious issue that puts your data and system at risk. You should update to the latest version to fix this issue.
Original title
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search...
Original description
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to the images/uploaded directory for remote code execution.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026