246 matches found
CVE-2024-40536
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin3gcode parameter in the config3gpara function...
CVE-2023-2037
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
Code-Projects Departmental Store Management System 安全漏洞
Code-Projects Departmental Store Management System is an open source departmental store management system from Code-Projects. A security vulnerability exists in Code-Projects Departmental Store Management System version 1.0, which is caused by a stack-based buffer overflow due to the operation of...
Online Class and Exam Scheduling System department.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id, code, and name ...
BDCOM Behavior Management and Auditing System 操作系统命令注入漏洞
BDCOM Behavior Management and Auditing System is a behavior management and auditing system from BDCOM China. An operating system command injection vulnerability exists in BDCOM Behavior Management and Auditing System version 20250210 and prior versions, which stems from a system command injection...
CVE-2023-51308
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...
CVE-2024-3922
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PearProject SQL注入漏洞
PearProject is a project management system backend interface for vilson individual developers. A security vulnerability exists in PearProject version v2.8.10, which originates from an SQL injection vulnerability contained via the projectCode parameter on project.php...
PT-2025-1384 · Unknown · Pearprojectapi
Name of the Vulnerable Software and Affected Versions: pearProjectApi version 2.8.10 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the projectCode parameter at the "project.php" endpoint. Recommendations: For pearProjectApi version...
BigAntSoft BigAnt office messenger SQL Injection Vulnerability
BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...
reggie 路径遍历漏洞
reggie is a takeaway website by 1902756969 individual developers. A path traversal vulnerability exists in reggie version 1.0, which stems from an information disclosure issue with the parameter code...
JeeWMS 注入漏洞
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from SQL injection in the parameter storecode...
CVE-2024-54761
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'devcode' parameter...
BigAntSoft BigAnt office messenger 安全漏洞
BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...
PT-2025-1879 · WordPress · Coupon Plugin
Name of the Vulnerable Software and Affected Versions: Coupon Plugin plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Coupon Code parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin Coupon Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
1000 Projects Attendance Tracking Management System 注入漏洞
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from the parameter coursecode in the file...