CVE-2024-3551

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the qosdat parameter of the qos.cgi qossettings function that fails to properly validate the length of the input data, which can be exploited by an...

PT-2025-2579 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos settings functionality. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an...

PT-2025-3843 · Unknown · Campcodes Deped Equipment Inventory System

Name of the Vulnerable Software and Affected Versions: CampCodes DepEd Equipment Inventory System version 1.0 Description: A vulnerability was found in the system, rated as problematic. It affects the processing of the file /data/add employee.php, where the manipulation of the data argument leads...

PT-2025-1722 · WordPress · Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress versions up to, and including, 3.2.15 Description: The issue is related to blind time-based SQL Injection via the data parameter due to insufficient escaping on the user-supplied parameter and...

Maid Hiring Management System search-booking-request.php file cross-site scripting vulnerability

Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from the lack of adequate validation and filtering of searchdata parameter inputs in the file /admin/search-booking-request.php. No details ...

Maid Hiring Management System /admin/search-maid.php File SQL Injection Vulnerability

Maid Hiring Management System is a maid hiring management system. The Maid Hiring Management System suffers from a SQL injection vulnerability that originates from insufficient validation of the searchdata parameter in file /admin/search-maid.php. An attacker can use this vulnerability to send a...

Image Access Scan2Net 安全漏洞

Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from improper cleaning of the HTTP GET parameter data, which allows an attacker to acce...

PT-2024-22288 · Unknown · Image Access Scan2Net

Name of the Vulnerable Software and Affected Versions: Image Access Scan2Net versions affected versions not specified Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg events.php" script as the www-data...

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

CVE-2023-26688

Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...

CS-Cart 安全漏洞

CS-Cart is an e-commerce platform from CS-Cart Inc. A security vulnerability exists in CS-Cart version 4.16.1. A remote attacker can exploit the vulnerability to obtain sensitive information via the productdata parameter in the PDF add-on...

PT-2024-12108 · Cs Cart Multivendor +1 · Pdf Add-On +1

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to obtain sensitive information via the product data parameter in the PDF Add-on. This is a Directory Traversal vulnerability, which can be exploited to access...

PT-2024-20859 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method Description: The issue concerns multiple reflected Cross-Site Scripting XSS vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...

WordPress plugin LiquidPoll 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-38355 · Unknown · Itsourcecode Ticket Reservation System

Name of the Vulnerable Software and Affected Versions: itsourcecode Ticket Reservation System version 1.0 Description: A critical issue has been found in the itsourcecode Ticket Reservation System, affecting some unknown functionality of the file checkout ticket save.php. The manipulation of the...

PT-2024-37102 · WordPress · Timeline Event History Plugin

Name of the Vulnerable Software and Affected Versions: Timeline Event History plugin for WordPress versions up to, and including, 3.1 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input...

CVE-2024-39165

QR/demoapp/qrimage.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the...

Asial JpGraph Security Vulnerability

Asial JpGraph is an object-oriented PHP graph creation library from Asial. A security vulnerability exists in Asial JpGraph version 4.2.6-pro and prior versions. A remote attacker can use this vulnerability to execute arbitrary code via a PHP load in the data parameter and a .php filename in the...

PT-2024-28374

Name of the Vulnerable Software and Affected Versions: Asial JpGraph Professional versions 4.2.6-pro and earlier Description: The issue allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This...