
238 matches found

CNVD
added 2025/03/19 12:0 a.m. | 1 views

Online Class and Exam Scheduling System department.php file cross-site scripting vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id, code, and name ...

CVSS 3.2 | AI score 6.2 | EPSS 0.00071
Exploits 1 | References 1

CNNVD
added 2025/02/21 12:0 a.m. | 1 views

BDCOM Behavior Management and Auditing System operating system command injection vulnerability

BDCOM Behavior Management and Auditing System is a behavior management and auditing system from BDCOM China. An operating system command injection vulnerability exists in BDCOM Behavior Management and Auditing System version 20250210 and prior versions, which stems from a system command injection...

CVSS 7.5 | AI score 7.8 | EPSS 0.00803
Exploits 0 | References 6

OSV
added 2025/02/20 3:15 p.m. | 0 views

CVE-2023-51308

PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 3

RedhatCVE
added 2025/02/05 9:53 a.m. | 6 views

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 10 | AI score 7.4 | EPSS 0.89662
Exploits 0 | References 1

Positive Technologies
added 2025/01/21 12:0 a.m. | 1 views

PT-2025-1384 · Unknown · Pearprojectapi

Name of the Vulnerable Software and Affected Versions: pearProjectApi version 2.8.10 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the projectCode parameter at the "project.php" endpoint. Recommendations: For pearProjectApi version...

CVSS 9.8 | AI score 8.1 | EPSS 0.00218
Exploits 1 | References 6

CNNVD
added 2025/01/21 12:0 a.m. | 1 views

PearProject SQL injection vulnerability

PearProject is a project management system backend interface for vilson individual developers. A security vulnerability exists in PearProject version v2.8.10, which originates from an SQL injection vulnerability contained via the projectCode parameter on project.php...

CVSS 9.8 | AI score 7.8 | EPSS 0.00218
Exploits 1 | References 2

CNVD
added 2025/01/16 12:0 a.m. | 1 views

BigAntSoft BigAnt office messenger SQL Injection Vulnerability

BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...

CVSS 6.3 | AI score 8 | EPSS 0.00823
Exploits 6 | References 1

CNNVD
added 2025/01/12 12:0 a.m. | 2 views

reggie path traversal vulnerability

reggie is a takeaway website by 1902756969 individual developers. A path traversal vulnerability exists in reggie version 1.0, which stems from an information disclosure issue with the parameter code...

CVSS 6.9 | AI score 5.2 | EPSS 0.00164
Exploits 0 | References 1

CNNVD
added 2025/01/11 12:0 a.m. | 1 views

JeeWMS injection vulnerability

JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20241229 and earlier versions, which stems from SQL injection in the parameter storecode...

CVSS 8.8 | AI score 7 | EPSS 0.00155
Exploits 1 | References 3

OSV
added 2025/01/09 8:15 p.m. | 0 views

CVE-2024-54761

BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'devcode' parameter...

CVSS 6.3 | AI score 5.8
Exploits 0 | References 2

CNNVD
added 2025/01/09 12:0 a.m. | 2 views

BigAntSoft BigAnt office messenger security vulnerability

BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...

CVSS 6.3 | AI score 7.9 | EPSS 0.00823
Exploits 6 | References 3

Positive Technologies
added 2025/01/07 12:0 a.m. | 2 views

PT-2025-1879 · WordPress · Coupon Plugin

Name of the Vulnerable Software and Affected Versions: Coupon Plugin plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Coupon Code parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 | AI score 6.4 | EPSS 0.0031
Exploits 0 | References 6

CNNVD
added 2025/01/07 12:0 a.m. | 2 views

WordPress plugin Coupon Plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 | AI score 7.7 | EPSS 0.0031
Exploits 0 | References 2

Positive Technologies
added 2024/12/23 12:0 a.m. | 2 views

PT-2024-17786 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue affects the processing of the file /admin/course action.php. The manipulation of the course code argument leads to SQL injection. The attack may be...

CVSS 9.8 | AI score 8 | EPSS 0.0013
Exploits 1 | References 14

CNNVD
added 2024/12/23 12:0 a.m. | 2 views

1000 Projects Attendance Tracking Management System injection vulnerability

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from the parameter coursecode in the file...

CVSS 9.8 | AI score 7.9 | EPSS 0.0013
Exploits 1 | References 5

OSV
added 2024/11/14 6:15 p.m. | 0 views

CVE-2024-50827

A SQL Injection vulnerability was found in /admin/addsubject.php in kashipara E-learning Management System Project 1.0 via the subjectcode parameter...

CVSS 7.2 | AI score 5.8
Exploits 0 | References 1

NVD
added 2024/11/14 6:15 p.m. | 7 views

CVE-2024-50827

A SQL Injection vulnerability was found in /admin/addsubject.php in kashipara E-learning Management System Project 1.0 via the subjectcode parameter...

CVSS 7.2 | EPSS 0.00195
Exploits 1 | References 1

Vulnrichment
added 2024/11/14 12:0 a.m. | 9 views

CVE-2024-50827

A SQL Injection vulnerability was found in /admin/addsubject.php in kashipara E-learning Management System Project 1.0 via the subjectcode parameter...

AI score 8.2 | EPSS 0.00195
Exploits 1 | References 1

Positive Technologies
added 2024/11/14 12:0 a.m. | 2 views

PT-2024-34437 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting XSS issue was discovered in the "/admin/add subject.php" and "/lms/admin/add subject.php" API endpoints, allowing remote attackers to execut...

CVSS 5.4 | AI score 6.2 | EPSS 0.00533
Exploits 1 | References 5

CNNVD
added 2024/10/13 12:0 a.m. | 0 views

SourceCodester Online Eyewear Shop Website cross-site scripting vulnerability

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A cross-site scripting vulnerability exists in...

CVSS 5.4 | AI score 4.4 | EPSS 0.00143
Exploits 1 | References 6