55 matches found

OSV
added 2025/08/03 5:15 a.m., 3 views

CVE-2025-8500

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely...

CVSS 8.8, AI score 5.8, EPSS 0.00476
Exploits: 1, References: 5

CNVD
added 2025/07/18 12:00 a.m., 2 views

Modern Bag action.php file SQL injection vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter proId in file /action.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL comman...

CVSS 9.8, AI score 8.3, EPSS 0.00399
Exploits: 1, References: 1

OSV
added 2025/06/22 5:15 p.m., 6 views

CVE-2025-6484

A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument catid/brandid/keyword/proId/pid leads to sql injection. The attack may be launched...

CVSS 7.2, AI score 5.8, EPSS 0.00466
Exploits: 1, References: 10

NVD
added 2025/06/16 6:15 a.m., 12 views

CVE-2025-6108

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file...

CVSS 6.5, EPSS 0.00417
Exploits: 0, References: 4

RedhatCVE
added 2025/05/23 2:56 a.m., 4 views

CVE-2023-0774

A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit ha...

CVSS 9.8, AI score 7.7, EPSS 0.00518
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:11 a.m., 7 views

CVE-2022-44279

Garage Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) via /garage/phpaction/createBrand.php...

CVSS 6.1, AI score 6, EPSS 0.00551
Exploits: 1, References: 1

OSV
added 2025/04/10 7:16 p.m., 2 views

UBUNTU-CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

AI score 5.8, EPSS 0.00298
Exploits: 0, References: 3

CNNVD
added 2025/03/18 12:00 a.m., 5 views

Xinhu RockOA security vulnerability

Xinhu RockOA is an office OA system of China Xinhu Xinhu Company. A security vulnerability exists in Xinhu RockOA 2.6.5 and earlier versions, which originates from the inputAction.php file and the saveAjax function that allows SQL injection, which may result in the execution of arbitrary code...

CVSS 6.8, AI score 7.6, EPSS 0.00409
Exploits: 1, References: 2

OSV
added 2025/03/04 12:15 a.m., 7 views

CVE-2025-1890

A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be...

CVSS 9.8, AI score 5.5, EPSS 0.00452
Exploits: 1, References: 4

CNNVD
added 2024/12/29 12:00 a.m., 5 views

1000 Projects Attendance Tracking Management System injection vulnerability

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Attendance Tracking Management System, which originates from an SQL injection vulnerability in the attendanceid...

CVSS 9.8, AI score 7, EPSS 0.00667
Exploits: 1, References: 5

Positive Technologies
added 2024/12/29 12:00 a.m., 8 views

PT-2024-17865 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue was found in the 1000 Projects Attendance Tracking Management System. This issue affects the file /admin/attendance action.php and is related to the...

CVSS 9.8, AI score 7.3, EPSS 0.00667
Exploits: 1, References: 10

Positive Technologies
added 2024/12/26 12:00 a.m., 7 views

PT-2024-17817 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Attendance Tracking Management System, affecting some unknown processing of the file /admin/admin action.php. Th...

CVSS 9.8, AI score 7.9, EPSS 0.00572
Exploits: 1, References: 15

Positive Technologies
added 2024/12/26 12:00 a.m., 6 views

PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...

CVSS 9.8, AI score 8, EPSS 0.0065
Exploits: 1, References: 14

Positive Technologies
added 2024/11/04 12:00 a.m., 4 views

PT-2024-16550 · Unknown · Codezips Hospital Appointment System

Name of the Vulnerable Software and Affected Versions: Codezips Hospital Appointment System version 1.0 Description: A critical issue has been found in the system, affecting some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The...

CVSS 9.8, AI score 7.6, EPSS 0.00587
Exploits: 1, References: 9

OSV
added 2024/10/28 3:15 p.m., 4 views

CVE-2024-10449

A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 9.8, AI score 5.7, EPSS 0.01369
Exploits: 1, References: 4

OSV
added 2024/07/17 4:15 p.m., 4 views

CVE-2024-6830

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...

CVSS 7.5, AI score 5.6, EPSS 0.00446
Exploits: 1, References: 4

OSV
added 2024/04/02 2:15 a.m., 3 views

CVE-2024-3146

A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtmlrssaction.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...

CVSS 4.3, AI score 4.8
Exploits: 0, References: 4

OSV
added 2024/04/02 2:15 a.m., 5 views

CVE-2024-3145

A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtmljsaction.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...

CVSS 4.3, AI score 4.7, EPSS 0.00419
Exploits: 1, References: 4

Positive Technologies
added 2024/04/02 12:00 a.m., 4 views

PT-2024-24091 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic issue has been found in DedeCMS, affecting an unknown part of the file /src/dede/makehtml rss action.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit...

CVSS 5, AI score 5, EPSS 0.00412
Exploits: 1, References: 7

OSV
added 2024/03/09 11:15 p.m., 3 views

CVE-2024-2351

A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument catid/brandid/keyword leads to sql injection. The attack can be launched...

CVSS 9.8, AI score 6.4, EPSS 0.00684
Exploits: 1, References: 3