20 matches found
itsourcecode Online Voting System SQL注入漏洞
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /ajax.php. An attacker can exploit this vulnerability to execute illega...
CVE-2025-12612
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletecourse. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...
CVE-2025-9678 Campcodes Online Loan Management System ajax.php sql injection
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=deleteborrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...
PT-2025-34497 · Liferay · Liferay Portal +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
CVE-2024-42793
A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...
CVE-2024-42793
A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...
CVE-2024-42793
CVE-2024-42793 affects Kashipara Music Management System v1.0. A CSRF vulnerability exists via a crafted request to /music/ajax.php?action=save_user, due to insufficient verification of the request origin. Impact is described as enabling forged malicious requests to perform sensitive operations; ...
WordPress Advanced AJAX Page Loader Plugin <= 2.7.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Advanced AJAX Page Loader Type Plugin Vulnerable versions = 2.7.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6310 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID b14ebfbe3313 Credits István Márto...
Customer Support System SQL Injection Vulnerability
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...
PrestaShop SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop jmspagebuilder version 3.x. The vulnerability stems from a SQL...
PT-2022-26539 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the 'page' ...
MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation
The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin PoC The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...
MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation
The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin The nonce value of the stmlmsregister request must be retrieved from the ajax page. for this you should check the home page POST...
SourceCodester Courier Management System SQL注入漏洞
SourceCodester Courier Management System is an application program of SourceCodester. It is a system that provides management functions. A SQL injection vulnerability exists in the SourceCodester Courier Management System, which stems from the email parameter in the product/cms/ajax.php page...
WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...
CVE-2016-10929
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...
CVE-2016-10929
The CVE-2016-10929 entry concerns the WordPress plugin “advanced-ajax-page-loader” prior to version 2.7.7. The vulnerability is that there is no protection against reading uploaded files when the user is not logged in, enabling unauthenticated access to uploaded content. The available connected d...
CVE-2016-10929
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in...
WordPress Plugin Simply Poll SQL Injection Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the pollid parameter of the Simply Poll admin-ajax.php page of the...
Fedora Update for drupal7-ctools FEDORA-2014-2562
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2014-2562 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...