CVE-2024-5380 jsy-1 short-url admin.php cross site scripting

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

CVE-2024-34191

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the deletepost function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request...

CVE-2024-34191

HTMly version 2.9.6 is affected by CVE-2024-34191, a vulnerability in delete_post() (admin.php) that enables arbitrary file deletion via a crafted request. The issue is documented across multiple sources (NVD/Red Hat OSV, etc.), with a CVSS v3.1 base score of 6.5 (I: High, A: None) and an attack ...

PT-2024-32947 · Unknown · Kashipara College Management System

Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0 Description: A critical issue has been found in the Kashipara College Management System, affecting an unknown functionality of the file submit admin.php. The manipulation of the phone argument...

CVE-2024-28557

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php...

CVE-2024-28557

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php...

CVE-2024-28557

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php...

CVE-2024-28557

CVE-2024-28557 affects Sourcecodester PHP Task Management System v1.0, with a SQL Injection vulnerability in update-admin.php. The underlying cause is improper input handling that allows an attacker to inject SQL through crafted payloads, enabling remote code execution, privilege escalation, and ...

Prison Management System add-admin.php File Upload Vulnerability

Prison Management System is a prison management system. A file upload vulnerability exists in Prison Management System version 1.0, which stems from a lack of validation of uploaded files in the avatar parameter of the /Admin/add-admin.php file. This vulnerability can be exploited to remotely...

Employee Management System 1.0 - 'admin_id' SQLi

Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Date: 20-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on...

CVE-2024-28595

SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the adminid parameter in update-admin.php...

CVE-2024-2576 SourceCodester Employee Task Management System update-admin.php authorization

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument adminid leads to authorization bypass. It is possible to initiate the attack remotely. T...

CVE-2024-2576 SourceCodester Employee Task Management System update-admin.php authorization

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument adminid leads to authorization bypass. It is possible to initiate the attack remotely. T...

CVE-2024-2557

A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed t...

CVE-2024-2557 kishor-23 Food Waste Management System admin.php improper authorization

A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed t...

CVE-2024-2394 SourceCodester Employee Management System add-admin.php unrestricted upload

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched...

CVE-2024-2394 SourceCodester Employee Management System add-admin.php unrestricted upload

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched...

PT-2024-20191 · Sourcecodester · Sourcecodester Employee Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /Admin/add-admin.php, where the manipulation of the avatar argument leads to unrestricted upload. This issue ca...

Cross site scripting

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component /admin.php...

CVE-2023-49490

XunRuiCMS v4.5.5 contains a reflective cross-site scripting (XSS) vulnerability exploitable via the component /admin.php. The issue is documented across multiple sources (NVD, Red Hat, CNNVD, CVE listing) and is associated with XunRuiCMS 4.5.5. The root cause is reflective XSS in /admin.php, allo...