Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through...
9.8CVSS
9.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45...
8.8CVSS
8.8AI Score
0.001EPSS
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other...
6.1CVSS
6.3AI Score
0.004EPSS
PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is...
7.3AI Score
0.029EPSS
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2)...
7.6AI Score
0.029EPSS
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath...
7.5AI Score
0.029EPSS
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command...
9.9AI Score
0.255EPSS
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing...
7.6AI Score
0.902EPSS