Lucene search
K

20 matches found

CNNVD
CNNVD
added 2025/11/17 12:0 a.m.7 views

itsourcecode Online Voting System SQL注入漏洞

Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /ajax.php. An attacker can exploit this vulnerability to execute illega...

8.8CVSS7AI score0.00276EPSS
Exploits1References6
NVD
NVD
added 2025/11/03 3:15 a.m.10 views

CVE-2025-12612

A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletecourse. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

9.8CVSS0.00314EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/29 9:32 p.m.3 views

CVE-2025-9678 Campcodes Online Loan Management System ajax.php sql injection

A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=deleteborrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00387EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.7 views

PT-2025-34497 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

6.9CVSS5.5AI score0.00181EPSS
Exploits0References9
NVD
NVD
added 2024/08/28 8:15 p.m.15 views

CVE-2024-42793

A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...

8CVSS0.00228EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/28 12:0 a.m.15 views

CVE-2024-42793

A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...

0.00228EPSS
Exploits1References2
CVE
CVE
added 2024/08/28 12:0 a.m.45 views

CVE-2024-42793

CVE-2024-42793 affects Kashipara Music Management System v1.0. A CSRF vulnerability exists via a crafted request to /music/ajax.php?action=save_user, due to insufficient verification of the request origin. Impact is described as enabling forged malicious requests to perform sensitive operations; ...

8CVSS7AI score0.00228EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.11 views

WordPress Advanced AJAX Page Loader Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Advanced AJAX Page Loader Type Plugin Vulnerable versions = 2.7.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6310 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID b14ebfbe3313 Credits István Márto...

8.8CVSS6.7AI score0.00489EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/03/08 12:0 a.m.23 views

Customer Support System SQL Injection Vulnerability

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

9.8CVSS7.9AI score0.0115EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.6 views

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop jmspagebuilder version 3.x. The vulnerability stems from a SQL...

9.8CVSS8.6AI score0.01029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.4 views

PT-2022-26539 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the 'page' ...

6.1CVSS6.1AI score0.01071EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2022/02/01 12:0 a.m.37 views

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin PoC The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...

9.8CVSS0.7AI score0.84943EPSS
Exploits8References1Affected Software1
wpexploit
wpexploit
added 2022/02/01 12:0 a.m.98 views

MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation

The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...

9.8CVSS0.9AI score0.84943EPSS
Exploits8References1
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.5 views

SourceCodester Courier Management System SQL注入漏洞

SourceCodester Courier Management System is an application program of SourceCodester. It is a system that provides management functions. A SQL injection vulnerability exists in the SourceCodester Courier Management System, which stems from the email parameter in the product/cms/ajax.php page...

10CVSS8.6AI score0.01751EPSS
Exploits1References3
CNVD
CNVD
added 2019/08/27 12:0 a.m.3 views

WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...

5.3CVSS6.8AI score0.01332EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 8:15 p.m.6 views

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

5.3CVSS5.8AI score0.01332EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 7:39 p.m.45 views

CVE-2016-10929

The CVE-2016-10929 entry concerns the WordPress plugin “advanced-ajax-page-loader” prior to version 2.7.7. The vulnerability is that there is no protection against reading uploaded files when the user is not logged in, enabling unauthenticated access to uploaded content. The available connected d...

5.3CVSS5.4AI score0.01332EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 7:39 p.m.25 views

CVE-2016-10929

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...

5.5AI score0.01332EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/29 12:0 a.m.3 views

WordPress Plugin Simply Poll SQL Injection Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...

7.8AI score
Exploits0References1
OpenVAS
OpenVAS
added 2014/03/04 12:0 a.m.11 views

Fedora Update for drupal7-ctools FEDORA-2014-2562

Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2014-2562 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

7.4AI score
Exploits0References2
Rows per page
Query Builder