411 matches found
PT-2024-16781 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions up to 2023 Description: A vulnerability was found in ZZCMS, affecting some unknown functionality of the file /admin/msg.php. The manipulation of the keyword argument leads to cross-site scripting. The attack may be launched...
PT-2024-16763 · Unknown · 1000 Projects Beauty Parlour Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Beauty Parlour Management System. The problem is related to an unknown function of the file /admin/search-invoices.ph...
PT-2024-16688 · Unknown · 1000 Projects Bookstore Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Bookstore Management System version 1.0 Description: A critical issue has been identified in the 1000 Projects Bookstore Management System, affecting an unknown part of the file /admin/process category edit.php. The manipulation...
CVE-2024-10842
A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/ProsesEditAkun.php of the component Backend. The manipulation of the argument UsernameBaru/Password leads to cross site...
PT-2024-16584 · Unknown · Romadebrian Web-Sekolah
Name of the Vulnerable Software and Affected Versions: romadebrian WEB-Sekolah version 1.0 Description: A vulnerability has been found in the file /Admin/ProsesEditAkun.php of the component Backend. The manipulation of the argument UsernameBaru/Password leads to cross site scripting. The attac...
CVE-2024-10757
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/jsdata.php. The manipulation of the argument scripts leads t...
PT-2024-16173 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Medical Card Generation System version 1.0 Description: A critical issue has been found in the View Enquiry Page component, specifically affecting the file /admin/view-enquiry.php. The manipulation of the viewid argument leads to S...
CVE-2024-48708
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser...
UBUNTU-CVE-2024-48708
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser...
Collabtive cross-site scripting vulnerability
Collabtive is a web-based project management system. The system includes features such as project management, document management and time tracking. A security vulnerability exists in Collabtive version 3.1, which stems from the presence of a cross-site scripting (XSS) vulnerability that can be...
PT-2024-39841 · Unknown · Lylme Spage
Name of the Vulnerable Software and Affected Versions: LyLme spage version 1.9.5 Description: A critical issue was found in LyLme spage, affecting an unknown function of the file /admin/sou.php. The manipulation of the id argument leads to SQL injection. This issue can be exploited remotely...
CVE-2024-46086
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/delete/123...
CVE-2024-46375
CVE-2024-46375 affects Best House Rental Management System 1.0: an arbitrary file upload vulnerability in the signup() function of rental/admin_class.php. The issue enables uploading arbitrary files via the signup process, potentially leading to full system compromise. The connected sources corro...
PT-2024-31303 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: Seacms version 13.1 Description: The issue allows attackers to control IP parameters written to the data/admin/ip.php file when the action is set, potentially resulting in arbitrary command execution. This occurs due to a vulnerability in the...
CVE-2024-7910
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...
CVE-2024-7904
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
DedeBIZ code issue vulnerability
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A code issue vulnerability exists in DedeBIZ version 6.3.0, which stems from the parameter upfile1 in the file admin/filemanagecontrol.php that can lead to unrestricted uploads...
PT-2024-38674 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0 Description: A critical issue was found in DedeBIZ, affecting some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the upfile1 argument leads t...
PT-2024-29387 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber version 2.0.16 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the admin.php file located in the userfilesmodulessettings directory. Recommendations: For microweber version 2.0.16, consider...
PT-2024-38227 · Unknown · Alton Management System
Name of the Vulnerable Software and Affected Versions: Alton Management System version 1.0 Description: A critical issue has been found in the Alton Management System, affecting the file /admin/team save.php. The manipulation of the team argument leads to SQL injection, allowing for remote attack...