PT-2023-28213 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue affects the processing of the file ex catagory data.php, where the manipulation of the argument columns1data leads to sql injection. The attack can be...

CVE-2023-2771

A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The...

PT-2023-20853 · Unknown · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical issue was found in the SourceCodester Online Exam System, affecting some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The...

Online Exam System SQL注入漏洞

Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...

CVE-2023-27213

Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php...

CVE-2022-37242

MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter...

CVE-2022-37242

MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter...

PT-2022-23886 · Mdaemon Technologies · Mdaemon Technologies Securitygateway For Email Servers

Name of the Vulnerable Software and Affected Versions: MDaemon Technologies SecurityGateway for Email Servers version 8.5.2 Description: The issue concerns HTTP Response splitting, which occurs via the data parameter. This allows for potential manipulation of HTTP responses. Recommendations: For...

Alt-N MDaemon 注入漏洞

Alt-N MDaemon is a mail service system from Alt-N Corporation that provides complete mail server functionality, protects users from spam, enables web login to send and receive emails, supports remote management, and protects the system against email viruses when used in conjunction with the MDaem...

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress

Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...

CVE-2022-30619

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the...

CVE-2022-31382

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php...

VulnCheck KEV: CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

GHSA-R68M-WQ3X-2HQW OpenTSDB Cross-site Scripting vulnerability

An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter json to the /q URI...

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...

Spotweb Cross-Site Scripting Vulnerability (CNVD-2022-34641)

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team.Spotweb is vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML via the dataperformredirect parameter...

UBUNTU-CVE-2021-43725

There is a Cross Site Scripting XSS vulnerability in SpotPagelogin.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the dataperformredirect parameter...

WordPress WP Email Users plugin SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...

CVE-2021-24424

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extradata parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...