CVE-2024-12785

A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

CVE-2024-12667

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVE-2024-12654

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. T...

CVE-2024-12482 cjbi wetech-cms Database Backup BackupFileUtil.java backup path traversal

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The...

CVE-2024-12343

A vulnerability classified as critical has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be...

CVE-2024-12180 DedeCMS article_add.php cross site scripting

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/articleadd.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2024-11996

A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit h...

CVE-2024-11997 code-projects Farmacia vendas.php cross site scripting

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2024-11967

The CVE-2024-11967 entry describes a SQL injection in PHPGurukul Complaint Management System 1.0, caused by an injectable parameter in /admin/reset-password.php (email). The vulnerability is exploitable remotely and is stated to have a publicly disclosed exploit. Connected sources consistently id...

CVE-2024-11860

CVE-2024-11860 affects SourceCodester Best House Rental Management System 1.0. The vulnerability exists in the POST Request Handler, specifically the file path /rental/ajax.php?action=delete_tenant, where manipulation of the argument id leads to improper authorization. This can be exploited remot...

CVE-2024-11819

CVE-2024-11819 affects the 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is an SQL injection in /forgot_password_process.php caused by manipulating the username parameter. Impacted component is unknown code path in that file; attack can be initiated remotely, and the exploi...

CVE-2024-11660

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVE-2024-11647

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack may be...

PT-2024-17154 · Unknown · 1000 Projects Beauty Parlour Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Beauty Parlour Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Beauty Parlour Management System. The issue affects an unknown functionality of the file /admin/edit-services.php...

CVE-2024-11631

Concretely, CVE-2024-11631 affects itsourcecode Tailoring Management System 1.0. The vulnerability resides in the file /expedit.php where the expcat argument is unsafely processed, leading to SQL injection. This is a remote-accessible issue with potential high impact on confidentiality, integrity...

CVE-2024-11592

CVE-2024-11592 affects 1000 Projects Beauty Parlour Management System 1.0. The vulnerability is a SQL injection in the unknown code path of /admin/about-us.php triggered by manipulating the pagetitle parameter. It is remotely exploitable and has been publicly disclosed. Multiple connected sources...

CVE-2024-11587 idcCMS classProvCity.php GetCityOptionJs cross site scripting

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2024-11261

A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation leads to memory corruption. Attacking local...

CVE-2024-11256

CVE-2024-11256 details (NORMAL) : Affects 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is a SQL injection in the login.php flow caused by unsafely handling the username parameter, enabling remote abuse. Descriptions consistently classify this as critical with potential rem...

CVE-2024-11251

The CVE-2024-11251 entry concerns erzhongxmu Jeewms (up to 20241108). The issue is a SQL injection in the cgReportController.do file, affecting the AuthInterceptor component via manipulation of the begin_date argument. It is described as remotely initiable, with the exploit disclosed publicly; ve...