234 matches found
CVE-2023-7226 meetyoucrop big-whale Admin Module all.api improper ownership management
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be...
meetyoucrop big-whale security breach
big-whale is a task scheduling platform open-sourced by Meiyu meetyoucrop. A security vulnerability exists in meetyoucrop big-whale version 1.1, which stems from the presence of an unknown function in /auth/user/all.api in the component Admin Module, which leads to ownership mismanagement via the...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management Systems SLIMS 9 Bulian v9.6.1, which stems from vulnerability to SQL injection...
CVE-2023-39121
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...
OneKeyAdmin Cross-Site Scripting Vulnerability
OneKeyAdmin is a plug-in management system based on Thinkphp6+Element that covers websites, applets, malls, CMS, APP, ERP and API interfaces in a single system, usable out of the box with no scaffolding. A security vulnerability exists in OneKeyAdmin version 1.3.9, which stems from the discovery of a stored...
SQL injection
A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file adminclass.php of the component Login Module. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely...
PT-2022-11741 · Openmrs · Openmrs Admin Ui Module
Name of the Vulnerable Software and Affected Versions: OpenMRS Admin UI Module versions up to 1.5.x Description: A vulnerability was found in the OpenMRS Admin UI Module, affecting unknown code of the file location.gsp. The manipulation leads to cross-site scripting. The attack can be initiated...
AyaCMS Code Issue Vulnerability
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version v3.1.2, which originates from uploading arbitrary files via /aya/module/admin/fstdown.inc.php...
CVE-2022-31335
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=...
School Dormitory Management System Cross-Site Scripting Vulnerability
School Dormitory Management System is a school dormitory management system. Version v1.0 of School Dormitory Management System has a cross-site scripting vulnerability that originates from the admin/inc/navigation.php:126 page that lacks a filter for user The vulnerability is caused by a lack of...
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Slims9 Bulian SQL Injection Vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. Slims9 Bulian suffers from a SQL injection vulnerability that originates from a SQL...
CVE-2021-44238
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/usttabe.inc.php,...
CVE-2021-46444
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admingroupedit&agID...
SQL injection
H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admingroupedit&agID...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23944 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23944 Source advisory: OSV:GHSA-6V39-P2XQ-G5C3...
Cross-site scripting
The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to...
Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Add/edit a Quote and put the following payload in the "Quote" and "Author" fields:...
Grav CMS 1.7.10 - Code Execution Vulnerabilities
In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...