88 matches found
Dynamic Transaction Queuing System SQL注入漏洞
Dynamic Transaction Queuing System is a dynamic transaction queuing system using PHP/MySQL by Carlo Montero, an individual developer. A security vulnerability exists in Dynamic Transaction Queuing System v1.0. An attacker can exploit this vulnerability to perform a SQL injection attack via...
CVE-2022-47790
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. The root cause is an injection flaw in the id parameter of that endpoint. Impact per CVSS indicates high confidentiality, integrity, and availability with a total score o...
CVE-2022-45275
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-27454 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the "/queuing/admin/ajax.php?action=save settings" API endpoint. This vulnerability allows attackers to execute...
CVE-2022-45275
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-45275
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-45275
CVE-2022-45275 affects Dynamic Transaction Queuing System (DTQS) v1.0. The issue is an arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings that enables an attacker to execute arbitrary PHP code via a crafted file. Root cause appears to be improper handling/validati...