
662 matches found

CVE
added 2024/11/15 5:31 p.m. | 51 views

CVE-2024-11250

The CVE-2024-11250 entry concerns code-projects Inventory Management up to version 1.0. The vulnerability is a SQL injection in the /model/editProduct.php file, triggered by manipulating the id parameter. Exploitation is described as remote, with public disclosures cited. The impact is high for c...

CVSS 9.8 | AI score 6.9 | EPSS 0.00696
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2024/11/15 5:0 p.m. | 21 views

CVE-2024-11248 Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely...

CVSS 9 | EPSS 0.01225
Exploits 1 | References 5
NVD
added 2024/11/11 6:15 p.m. | 15 views

CVE-2024-11076

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument ehash leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00543
Exploits 1 | References 5
Cvelist
added 2024/11/11 5:0 p.m. | 43 views

CVE-2024-11073 SourceCodester Hospital Management System delete-account.php improper authorization

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely...

CVSS 5.3 | EPSS 0.00551
Exploits 1 | References 6
CVE
added 2024/11/04 10:31 p.m. | 54 views

CVE-2024-10805

The connected documents confirm CVE-2024-10805 affects code-projects University Event Management System 1.0, specifically the doedit.php file’s id parameter. The vulnerability is an SQL injection that can be triggered remotely, with public exploitation noted. Several sources consistently describe...

CVSS 8.8 | AI score 7 | EPSS 0.00518
Exploits 1 | References 5 | Affected Software 1
NVD
added 2024/11/04 4:15 p.m. | 15 views

CVE-2024-10765

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument oldimage leads to unrestricted upload. The attack can be initiated remotely. The exploit ha...

CVSS 9.8 | EPSS 0.00519
Exploits 1 | References 4
Vulnrichment
added 2024/11/04 4:31 a.m. | 13 views

CVE-2024-10760 code-projects University Event Management System dodelete.php sql injection

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS 6.5 | AI score 7.7 | EPSS 0.00446
Exploits 1 | References 5
OSV
added 2024/11/04 4:15 a.m. | 3 views

CVE-2024-10758

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 | AI score 6.8 | EPSS 0.01354
Exploits 3 | References 4
Cvelist
added 2024/11/04 3:0 a.m. | 13 views

CVE-2024-10756 PHPGurukul Online Shopping Portal html_table.php cross site scripting

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/htmltable.php. The manipulation of the argument scripts leads to cross...

CVSS 5.3 | EPSS 0.00393
Exploits 1 | References 5
Cvelist
added 2024/11/04 1:0 a.m. | 20 views

CVE-2024-10750 Tenda i22 SysToo websReadEvent null pointer dereference

A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can ...

CVSS 7.1 | EPSS 0.00831
Exploits 1 | References 5
Vulnrichment
added 2024/11/04 1:0 a.m. | 16 views

CVE-2024-10750 Tenda i22 SysToo websReadEvent null pointer dereference

A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can ...

CVSS 7.1 | AI score 6.9 | EPSS 0.00831
Exploits 1 | References 5
NVD
added 2024/11/04 12:15 a.m. | 11 views

CVE-2024-10746

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdata.php. The manipulation of the argument scripts leads to cross site scripting. It is...

CVSS 6.1 | EPSS 0.00367
Exploits 1 | References 5
Cvelist
added 2024/11/03 1:0 p.m. | 16 views

CVE-2024-10734 Project Worlds Life Insurance Management System editPayment.php sql injection

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument reciptno leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 6.5 | EPSS 0.00508
Exploits 1 | References 4
NVD
added 2024/11/01 4:15 p.m. | 7 views

CVE-2024-10661

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit...

CVSS 9 | EPSS 0.01096
Exploits 1 | References 5
Cvelist
added 2024/11/01 4:0 p.m. | 16 views

CVE-2024-10662 Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit...

CVSS 9 | EPSS 0.01228
Exploits 1 | References 5
NVD
added 2024/10/27 11:15 p.m. | 10 views

CVE-2024-10430

A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit ha...

CVSS 9.8 | EPSS 0.00663
Exploits 1 | References 4
Cvelist
added 2024/10/27 5:0 a.m. | 19 views

CVE-2024-10411 SourceCodester Online Hotel Reservation System controller.php doCheckout sql injection

A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/modroom/controller.php. The manipulation of the argument id leads ...

CVSS 6.5 | EPSS 0.00419
Exploits 0 | References 5
CVE
added 2024/10/26 10:0 p.m. | 47 views

CVE-2024-10406

Summary (CVE-2024-10406): A critical SQL injection vulnerability affects SourceCodester Petrol Pump Management Software 1.0 via the file /admin/edit_fuel.php, where manipulating the id parameter enables remote exploitation. Public exploits have been disclosed. Connected sources also reiterate th...

CVSS 7.2 | AI score 6.8 | EPSS 0.00419
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2024/10/25 11:0 a.m. | 16 views

CVE-2024-10377 ESAFENET CDG DecryptApplicationService.java actionPassDecryptApplication1 sql injection

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...

CVSS 6.5 | AI score 7.3 | EPSS 0.00673
Exploits 1 | References 4
NVD
added 2024/10/23 4:15 p.m. | 18 views

CVE-2024-10292

A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00483
Exploits 0 | References 4