411 matches found
CVE-2023-2054
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positionsdelete.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit...
PT-2023-17452 · Unknown · Campcodes Advanced Online Voting System
Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue has been found in the system, affecting some unknown functionality of the file /admin/candidates row.php. The manipulation of the id argument leads to SQL...
taoCMS code injection vulnerability
taoCMS is a Chinese micro content management system (CMS). A code injection vulnerability exists in taoCMS version 3.0.2, which stems from a problem in the file /admin/admin.php that can lead to code injection...
PT-2023-17360 · Taocms · Taocms
Name of the Vulnerable Software and Affected Versions: taoCMS version 3.0.2 Description: A critical issue has been discovered, allowing for code injection through an unknown function in the /admin/admin.php file. This can be exploited remotely. Recommendations: For taoCMS version 3.0.2, at the...
Online Tours & Travels Management System code issue vulnerability
Online Tours & Travels Management System is an online tours management system by Mayuri K., an individual developer. A code issue exists in SourceCodester Online Tours & Travels Management System version 1.0, which is caused by an unknown function in the file admin/ab.php, which causes unrestricted...
WordPress plugin woo-popup cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-0840
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has...
WebFinance SQL injection vulnerability
WebFinance is a web application for managing invoices and handling customer contacts. A SQL injection vulnerability exists in WebFinance version 0.5, which stems from a problem with the unknown code in the file htdocs/admin/saveContractSignerRole.php, where manipulation of the parameters n/v can...
PT-2023-16339 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting some unknown functionality of the file admin/expense report.php. The manipulation of the from date...
PT-2023-16335 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting the file admin/add payment.php. The manipulation of the id argument leads to SQL injection. This issue c...
Online Food Ordering System SQL injection vulnerability
Online Food Ordering System is an online food ordering system. An SQL injection vulnerability exists in Online Food Ordering System, which stems from a problem in the unknown section of the file adminclass.php, where an operation on the parameter email can lead to SQL injection. No details of the...
CVE-2022-44401
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php...
Online Tours & Travels Management System code issue vulnerability
Online Tours & Travels Management System is an online tour management system by Mayuri K., an individual developer. A code issue vulnerability exists in Online Tours & Travels Management System v1.0, which was discovered to contain a file upload vulnerability via /tour/admin/file.php...
PT-2022-23929 · Unknown · Sourcecodester Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-Based Student Clearance System affected versions not specified Description: A critical issue has been discovered, affecting an unknown part of the file Admin/edit-admin.php. The manipulation of the id argument leads to SQL...
CVE-2022-41406
An arbitrary file upload vulnerability in the /admin/adminpic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-23819 · Bluecms · Bluecms
Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6 Description: The issue is related to SQL injection, specifically located in line 132 of the admin/article.php file. Recommendations: For BlueCMS version 1.6, update the admin/article.php file to fix the SQL injection issue...
CVE-2017-20067 Hindu Matrimonial Script SQL injection
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. The attack can be launched...
Magento affected by remote code execution via a file upload
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution...
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/...
CVE-2022-1273
The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files such as PHP, leading to RCE...