CVE-2024-7660 SourceCodester File Manager App Add File cross site scripting
A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can ...
CVE-2024-7660
SourceCodester File Manager App 1.0 contains a cross‑site scripting vulnerability in the Add File Handler. Manipulating the File Title/Uploaded By parameter can trigger XSS, with remote exploitation and a publicly disclosed exploit. Connected advisories do not specify the exact XSS type (reflecte...
PT-2024-38488 · Unknown · Sourcecodester File Manager App
Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A vulnerability has been found in the SourceCodester File Manager App, affecting an unknown functionality of the component Add File Handler. The manipulation of the argument File...
PT-2024-25828 · Sourcecodester · Sourcecodester Prison Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A critical issue affects the Avatar Handler component, specifically the file /Admin/add-admin.php. The manipulation of the avatar argument leads to unrestricted upload. This iss...
CVE-2024-1821
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file policeadd.php. The manipulation of the argument policename/policeid/policespec/password leads to sql injection. The exploit has been disclos...
PT-2024-17691 · Unknown · Codeastro University Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro University Management System version 1.0 Description: A problematic vulnerability has been found in the Attendance Management component, specifically in the file /att add.php. The manipulation of the Student Name argument leads to...
CVE-2023-7177
A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/bookadd.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be...
CVE-2023-48078
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter...
DedeCMS Security Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
PT-2023-32328 · Sourcecodester · Sourcecodester File Manager App
Name of the Vulnerable Software and Affected Versions: SourceCodester File Manager App version 1.0 Description: A critical vulnerability was found in the SourceCodester File Manager App, affecting an unknown functionality of the file endpoint "add-file.php". The manipulation of the uploadedFileNa...
SourceCodester File Manager Code Issue Vulnerability
SourceCodester File Manager is a file manager. A security vulnerability exists in SourceCodester File Manager version 1.0, which originates from a file upload vulnerability in the parameter uploadedFileName of the file endpoint /add-file.php...
PT-2023-17283 · Sourcecodester · Sourcecodester Online Payroll System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Payroll System version 1.0 Description: A problematic vulnerability has been found in the SourceCodester Online Payroll System, affecting an unknown part of the file /admin/employee add.php. The manipulation of the...
PT-2023-16618 · Unknown · Code-Projects Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue has been found in the Avatar Image Handler component of the file add.php, leading to unrestricted upload. The attack can be initiated remotely. The issue affect...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
UBUNTU-CVE-2020-10781
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user...
zzcms SQL Injection Vulnerability (CNVD-2018-26017)
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A SQL injection vulnerability exists in the admin/specialadd.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current MySQL user name with the help of zxbigclass...
Arbitrary File Upload Vulnerability in SignName Parameter of Tibco Call Center System
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. An arbitrary file upload vulnerability exists in the signName parameter of the Tibus Communication Call Center System. 1 File upload: /sysmaint/import/import.php, save...
jbFileManager - Directory Traversal
Exploit for php platform in category web applications. Exploit Title: jbFileManager - Path Traversal (view/add/delete). Date: 2016-06-15. Exploit Author: HaHwul. Exploit Author Blog: www.hahwul.com. Vendor Homepage: https://github.com/ismiranda/jbFileManager. Software Link:...
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
Document Title: FileBug v1.5.1 iOS - Path Traversal Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1342. Release Date: 2014-10-15. Vulnerability Laboratory ID (VL-ID): 1342...
Directory traversal
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to...