Flexi – Guest Submit Security Vulnerabilities

vulnrichment

CVE-2024-5272 Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated"

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by....

4.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 01:29 PM

cvelist

CVE-2024-34152 Playbook Run Metadata leak to Guest

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the...

4.3 CVSS

4.6 AI Score

0.0004 EPSS

2024-05-26 01:28 PM

nvd

CVE-2024-5365

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 01:15 PM

cve

CVE-2024-5365

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The....

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 01:15 PM

nvd

CVE-2024-5364

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 01:15 PM

cve

CVE-2024-5364

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 01:15 PM

vulnrichment

CVE-2024-5365 SourceCodester Best House Rental Management System manage_payment.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The....

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 01:00 PM

cvelist

CVE-2024-5365 SourceCodester Best House Rental Management System manage_payment.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The....

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 01:00 PM

cvelist

CVE-2024-5364 SourceCodester Best House Rental Management System manage_tenant.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 12:31 PM

vulnrichment

CVE-2024-5364 SourceCodester Best House Rental Management System manage_tenant.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 12:31 PM

nvd

CVE-2024-5362

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit....

7.3 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-26 12:15 PM

nvd

CVE-2024-5363

A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.....

6.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-26 12:15 PM

cve

CVE-2024-5363

A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.....

6.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-26 12:15 PM

cve

CVE-2024-5362

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit....

7.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-26 12:15 PM

cvelist

CVE-2024-5363 SourceCodester Best House Rental Management System manage_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.....

6.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-26 12:00 PM

vulnrichment

CVE-2024-5363 SourceCodester Best House Rental Management System manage_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely.....

6.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-26 12:00 PM

cvelist

CVE-2024-5362 SourceCodester Online Hospital Management System departmentDoctor.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit....

7.3 CVSS

7.6 AI Score

0.0004 EPSS

2024-05-26 11:31 AM

vulnrichment

CVE-2024-5362 SourceCodester Online Hospital Management System departmentDoctor.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit....

7.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-26 11:31 AM

nvd

CVE-2024-5360

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated...

6.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-26 11:15 AM

cve

CVE-2024-5360

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated...

6.3 CVSS

7.8 AI Score

0.0004 EPSS

2024-05-26 11:15 AM

nvd

CVE-2024-5361

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 11:15 AM

cve

CVE-2024-5361

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated...

6.3 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-26 11:15 AM

cvelist

CVE-2024-5361 PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 11:00 AM

cvelist

CVE-2024-5360 PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated...

6.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-26 10:31 AM

nvd

CVE-2024-5359

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 10:15 AM

cve

CVE-2024-5359

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 10:15 AM

vulnrichment

CVE-2024-5359 PHPGurukul Zoo Management System foreigner-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 10:00 AM

cvelist

CVE-2024-5359 PHPGurukul Zoo Management System foreigner-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 10:00 AM

nvd

CVE-2024-5358

A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 09:15 AM

cve

CVE-2024-5358

A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 09:15 AM

cvelist

CVE-2024-5358 PHPGurukul Zoo Management System normal-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 09:00 AM

vulnrichment

CVE-2024-5358 PHPGurukul Zoo Management System normal-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 09:00 AM

cve

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 08:15 AM

nvd

CVE-2024-5357

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely......

7.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-26 08:15 AM

cve

CVE-2024-5357

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely......

7.3 CVSS

7.7 AI Score

0.0004 EPSS

2024-05-26 08:15 AM

nvd

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 08:15 AM

cvelist

CVE-2024-5357 PHPGurukul Zoo Management System forgot-password.php sql injection

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely......

7.3 CVSS

7.5 AI Score

0.0004 EPSS

2024-05-26 08:00 AM

vulnrichment

CVE-2024-5357 PHPGurukul Zoo Management System forgot-password.php sql injection

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely......

7.3 CVSS

7.4 AI Score

0.0004 EPSS

2024-05-26 08:00 AM

vulnrichment

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3 CVSS

7.3 AI Score

0.0004 EPSS

2024-05-26 07:31 AM

cvelist

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

6.3 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-26 07:31 AM

nvd

CVE-2024-5340

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The.....

4.7 CVSS

5.2 AI Score

0.0005 EPSS

2024-05-25 10:15 PM

cve

CVE-2024-5340

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The.....

4.7 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-25 10:15 PM

cvelist

CVE-2024-5340 Ruijie RG-UAC sub_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The.....

4.7 CVSS

5.2 AI Score

0.0005 EPSS

2024-05-25 09:31 PM

vulnrichment

CVE-2024-5340 Ruijie RG-UAC sub_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack may be launched remotely. The.....

4.7 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-25 09:31 PM

cve

CVE-2024-5339

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be...

4.7 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-25 05:15 PM

nvd

CVE-2024-5339

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be...

4.7 CVSS

5.3 AI Score

0.0005 EPSS

2024-05-25 05:15 PM

cvelist

CVE-2024-5339 Ruijie RG-UAC online_check.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be...

4.7 CVSS

5.3 AI Score

0.0005 EPSS

2024-05-25 04:31 PM

vulnrichment

CVE-2024-5339 Ruijie RG-UAC online_check.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/vpn/autovpn/online_check.php. The manipulation of the argument peernode leads to os command injection. The attack can be...

4.7 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-25 04:31 PM

cve

CVE-2024-5338

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The...

4.7 CVSS

7.3 AI Score

0.0005 EPSS

2024-05-25 04:15 PM

nvd

CVE-2024-5338

A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The...

4.7 CVSS

5.3 AI Score

0.0005 EPSS

2024-05-25 04:15 PM

Total number of security vulnerabilities: 64403