CVE-2024-7284
CVE-2024-7284 affects SourceCodester Lot Reservation Management System 1.0. The vulnerability exists in the /admin/ajax.php?action=save_settings endpoint where manipulation of the about parameter enables cross-site scripting. Exploitation can be performed remotely, and public disclosures of the e...
CVE-2024-7194 itsourcecode Society Management System check_student.php sql injection
A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument studentid leads to sql injection. The attack may be initiated remotely. The exploit has bee...
CVE-2024-7175
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated...
CVE-2024-7174
TOTOLINK A3600R is affected by a buffer overflow in the setdeviceName function of /cgi-bin/cstecgi.cgi. Manipulating deviceMac/deviceName can trigger remote code execution; exploitation has been publicly disclosed. Affected version: 4.1.2cu.5182_B20201102. Public advisories corroborate remote imp...
CVE-2024-7166 SourceCodester School Fees Payment System receipt.php sql injection
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument efid leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2024-7120
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...
CVE-2024-6935 formtools.org Form Tools User Settings Page cross site scripting
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...
PT-2024-37978 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.114 Description: A critical issue has been found in DedeCMS, affecting an unknown part of the file article template rand.php. This issue leads to code injection and can be initiated remotely. The exploit has been disclosed...
CVE-2024-6902
A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sortuser.php. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2024-6808
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-6801
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated...
CVE-2024-6735
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated...
PT-2024-37842 · Naibowang · Naibowang Easyspider
Name of the Vulnerable Software and Affected Versions: NaiboWang EasySpider version 0.6.2 Description: A problematic vulnerability was found in the HTTP GET Request Handler component of NaiboWang EasySpider, specifically in the file server.js. The issue allows for path traversal when an attacker...
CVE-2024-6733
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file templateedit.php. The manipulation of the argument id/title/msg leads to sql injection. The attack may be launched remotely. The...
CVE-2024-6732
CVE-2024-6732 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is in the /sscdms/classes/Users.php?f=save path, where manipulation of the id parameter enables SQL injection. Exploitation is remote and public/exploitable disclosures exist. Product is affect...
CVE-2024-6681 witmy my-springsecurity-plus dept sql injection
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6417
The CVE-2024-6417 entry concerns SourceCodester Simple Online Bidding System 1.0. The vulnerability is a SQL injection in the admin endpoint /admin/ajax.php?action=delete_user triggered by the id parameter. It is described as remote, with public exploit availability. Impact is SQL injection; in t...
CVE-2024-6402
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely...
CVE-2024-6373
The CVE-2024-6373 issue affects itsourcecode Online Food Ordering System (up to v1.0). The vulnerability is in the /addproduct.php file, where manipulating the photo parameter leads to unrestricted file upload. This can be triggered remotely and the exploit has public disclosure. Multiple connect...
CVE-2024-6213 SourceCodester Food Ordering Management System Login Panel login.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file login.php of the component Login Panel. The manipulation of the argument username leads to sql injection. It is possible to initiate...