PT-2023-20057 · Unknown · Online Reviewer Management System
Name of the Vulnerable Software and Affected Versions: Online Reviewer Management System version 1.0 Description: An issue was discovered in the Online Reviewer Management System, where there is an XSS vulnerability. This vulnerability can be exploited via the reviewer...
PT-2022-27075 · Unknown · Simmeth Lieferantenmanager
Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6 Description: An issue was discovered in the "/DS/LM API/api/SelectionService/InsertQueryWithActiveRelationsReturnId" API endpoint. This allows an attacker to execute JavaScript code in the...
CVE-2022-31358
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...
coder-chain_gdut cross-site scripting vulnerability
coder-chain_gdut is a binary image segmentation method based on lossless compression by the individual developer Wenyin Liu (csliuwy). A security vulnerability exists in coder-chain_gdut, originating from an unknown function in the file /back/index.php/user/User/?1, which is manipulated to cause...
CVE-2022-44402
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=deletetransaction...
PT-2022-26283 · Unknown · Open Source Sacco Management System
Name of the Vulnerable Software and Affected Versions: Open Source SACCO Management System version 1.0 Description: The issue concerns SQL Injection, which can be exploited via the "/sacco shield/manage payment.php" API endpoint. Recommendations: For Open Source SACCO Management System version 1....
PT-2022-22549 · Otfcc +1 · Otfcc +1
Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b Description: A heap buffer overflow issue has been discovered in OTFCC commit 617837b via the "/release-x64/otfccdump+0x6e420d" endpoint. This issue can be exploited, potentially leading to security breaches...
PT-2022-23456 · Unknown · Edoc-Doctor-Appointment-System
Name of the Vulnerable Software and Affected Versions: Edoc-doctor-appointment-system version 1.0.1 Description: A SQL injection issue was found in the Edoc-doctor-appointment-system via the id parameter at the "/patient/booking.php" API endpoint. Recommendations: For Edoc-doctor-appointment-syst...
PT-2022-23240 · Wuzhicms · Wuzhi Cms
Name of the Vulnerable Software and Affected Versions: Wuzhicms version 4.1.0 Description: A directory traversal issue was found in Wuzhicms via the /coreframe/app/attachment/admin/index.php endpoint. Recommendations: For Wuzhicms version 4.1.0, consider restricting access to the...
CVE-2022-30838
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=updateapplicationstatus...
Water-billing-management-system SQL injection vulnerability
Water-billing-management-system is a water billing management system. SQL injection vulnerability exists in Water-billing-management-system v1.0. An attacker can exploit this vulnerability to conduct SQL injection attacks via /wbms/classes/Master.php?f=deleteclient...
Simple Client Management System SQL injection vulnerability
Simple Client Management System is a simple client management system by the individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to a SQL injection vulnerability that originates in /cms/admin/?page=user/. The vulnerability is caused by the lack of validati...
PT-2019-12274 · Owasp +1 · Owasp Modsecurity Core Rule Set +1
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set (CRS) versions through 3.1.0 Description: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) that allows remote attackers to cause a denial of service (ReDoS) by entering a specially crafted string with...