10 matches found
Code-Projects Simple Laundry System Code Injection Vulnerability
Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...
CVE-2024-6460
The WordPress plugin Grow by Tradedoubler (versions ≤ 2.0.21) is affected by an unauthenticated Local File Inclusion via the component parameter, allowing inclusion and execution of PHP files on the server (high impact). Remediation: upgrade to version 2.0.22 or later. The CVSS in the source reco...
PT-2024-37644 · Tradedoubler · The Grow By Tradedoubler
Name of the Vulnerable Software and Affected Versions: The Grow by Tradedoubler WordPress plugin versions 2.0.21 and earlier Description: The issue allows attackers to include and execute PHP files on the server via the component parameter, enabling the execution of any PHP code in those files...
CVE-2024-0945
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...
Deserialization of untrusted data
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...
ZOHO ManageEngine SupportCenter Plus Directory Traversal Vulnerability
ZOHO ManageEngine SupportCenter Plus is a customer service support management software from ZOHO USA. The software provides help desk, customer management, service level management and tracking of customer requests. A directory traversal vulnerability exists in ZOHO ManageEngine SupportCenter Plu...
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp...
Directory traversal
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp...
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp...
Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting
Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting. Source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...