CVE-2024-6187

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

CVE-2024-6112 itsourcecode Pool of Bethesda Online Reservation System index.php sql injection

A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument logemail leads to sql injection. The attack can be initiated remotely. The exploit has...

PT-2024-37405 · Unknown · Spa-Cartcms

Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue was found in the Username Handler component, specifically in the /login file, where manipulating the email argument leads to observable behavioral discrepancy. This issue can be...

CVE-2024-6013 itsourcecode Online Book Store admin_delete.php sql injection

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admindelete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2024-6005 ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting

A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...

CVE-2024-5983

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit...

PT-2024-37294 · Unknown · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical vulnerability has been found in the software, affecting an unknown part of the file /admin/index.php. The manipulation of the username argument leads to SQL injection...

CVE-2024-5772

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack ma...

CVE-2024-5391

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack can be launched...

CVE-2024-5377

A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5337 Ruijie RG-UAC user_commit.php os command injection

A vulnerability was found in Ruijie RG-UAC up to 20240516 and classified as critical. This issue affects some unknown processing of the file /view/systemConfig/sysuser/usercommit.php. The manipulation of the argument email2/username leads to os command injection. The attack may be initiated...

CVE-2024-5231

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teachersalarydetails.php. The manipulation of the argument index leads to sql injection. The attack may be...

CVE-2024-5122

A vulnerability was found in SourceCodester Event Registration System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registrar/. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2024-5110

CVE-2024-5110 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in /view/student_payment_invoice.php triggered by manipulation of the index parameter. An attacker may exploit remotely; public disclosure of the exploit is indicated. No concret...

CVE-2024-5107

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to sql injection. The attack may be...

CVE-2024-5105

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/studentpaymentdetails.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the attack...

CVE-2024-5048

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2024-4973 code-projects Simple Chat System register.php sql injection

A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/number/address leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument fileupload leads to unrestricted upload. It is possible to initiate the attack remotel...