
53 matches found

CNNVD
added 2024/03/28 12:0 a.m., 3 views

Simple Subscription Website SQL Injection Vulnerability

Simple Subscription Website is an open source, web-based simple subscription application by the individual developer Carlo Montero. It is used to provide companies with possible members to apply for plans that offer certain services. An SQL injection vulnerability exists in Simple Subscription...

8.8 CVSS, 7 AI score, 0.00108 EPSS
Exploits 1, References 5
Cvelist
added 2022/05/20 12:47 p.m., 8 views

CVE-2022-26633

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php...

10 AI score, 0.00373 EPSS
Exploits 1, References 1
Packet Storm
added 2022/02/16 12:0 a.m., 225 views

Simple Student Quarterly Result / Grade System 1.0 SQL Injection

Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.1 AI score
Exploits 0
Packet Storm
added 2021/12/09 12:0 a.m., 326 views

Employees Daily Task Management System 1.0 SQL Injection

Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

0.1 AI score
Exploits 0
0day.today
added 2021/12/09 12:0 a.m., 227 views

Employees Daily Task Management System 1.0 - (username) SQL injection Authentication Bypass

Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

0.3 AI score
Exploits 0
Cvelist
added 2021/11/03 7:11 p.m., 13 views

CVE-2021-41492

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System POS 1.0 via the (1) Product Code in the pos page in cashiering, (2) id parameter in manageproducts and the (3) t parameter in actions.php...

10 AI score, 0.00322 EPSS
Exploits 1, References 3
NVD
added 2021/10/29 4:15 p.m., 8 views

CVE-2021-41676

An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...

9.8 CVSS, 0.00264 EPSS
Exploits 1, References 2
Prion
added 2021/10/29 4:15 p.m., 9 views

SQL injection

An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...

7.5 CVSS, 9.8 AI score, 0.00264 EPSS
Exploits 1, References 2, Affected Software 1
Packet Storm
added 2021/10/13 12:0 a.m., 280 views

Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Date: 10/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.3 AI score
Exploits 0
Exploit DB
added 2021/10/13 12:0 a.m., 297 views

Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF) Date: 10/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4 AI score
Exploits 0
Debian CVE
added 2019/03/14 4:0 p.m., 32 views

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

8.8 CVSS, 8.5 AI score, 0.81017 EPSS
Exploits 4
CVE
added 2017/07/19 7:0 a.m., 40 views

CVE-2017-11445

CVE-2017-11445 affects Subrion CMS prior to 4.1.6. The vulnerability is a SQL injection in the file /front/actions.php reachable via the POST data ($_POST), caused by insufficient input handling in Subrion CMS. Reported across multiple sources (CNVD, NVD, OSV, Veracode) with the root cause descri...

9.8 CVSS, 9.7 AI score, 0.0025 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2017/07/19 7:0 a.m., 20 views

CVE-2017-11445

Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array...

9.8 AI score, 0.0025 EPSS
Exploits 1, References 1
CVE
added 2017/01/18 9:0 p.m., 110 views

CVE-2016-6897

CVE-2016-6897 describes a CSRF vulnerability in WordPress up to version 4.5.x affecting the wp_ajax_update_plugin handler in wp-admin/includes/ajax-actions.php. The issue arises from a late check_ajax_referer call, enabling remote attackers to hijack subscribers’ authentication for /dev/random re...

6.5 CVSS, 5.6 AI score, 0.30259 EPSS
Exploits 5, References 7, Affected Software 1
Debian CVE
added 2017/01/18 9:0 p.m., 37 views

CVE-2016-6897

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer...

6.5 CVSS, 5.1 AI score, 0.30259 EPSS
Exploits 5
Openbugbounty
added 2016/10/08 12:13 p.m., 7 views

foncierdebretagne.fr XSS vulnerability

Vulnerable URL: http://foncierdebretagne.fr/actions.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5797365 VIP website status:| No Coordinated Disclosure Timeline: Description|...

6.3 AI score
Exploits 0
NVD
added 2016/08/07 4:59 p.m., 23 views

CVE-2016-6635

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...

8.8 CVSS, 8.9 AI score, 0.00289 EPSS
Exploits 0, References 4
Debian CVE
added 2016/06/29 2:0 p.m., 17 views

CVE-2016-5835

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php...

7.5 CVSS, 4.6 AI score, 0.01938 EPSS
Exploits 0
Check Point Advisories
added 2014/06/25 12:0 a.m., 11 views

ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)

A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to a flaw in the index.php script that is triggered when user-supplied input used in the /includes/actions.php file is passed from the 'runState' parameter to 'packageControl', which calls exec with user...

1.5 AI score, 0.7823 EPSS
Exploits 2
0day.today
added 2012/01/22 12:0 a.m., 23 views

AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload

Exploit for php platform in category web applications Exploit Title: AllWebMenus WordPress Menu Plugin Arbitrary file upload Version: Compress it with zip to awm.zip Use this form to upload the php file to the server Version 1.1.8 also checks the source referrer, so you have to use scripting...

7.1 AI score
Exploits 0