CVE-2022-2420 URVE Web Manager uploader.php unrestricted upload
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file internal/uploader.php. The manipulation leads to unrestricted upload. The attack must be launched from within the local network. The exploit has been disclosed to...
CVE-2022-2418
The CVE-2022-2418 entry concerns URVE Web Manager. It affects the file kreator.html5/img_upload.php, where an unrestricted file upload is possible. The underlying cause is unsafe file upload handling in that component, which allows potentially malicious code or data to be uploaded. The vulnerability is clas...
CVE-2017-20126
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. It is possible to initiate the attack remotely...
SQL injection
A vulnerability was found in KB Affiliate Referral Script 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2017-20127 KB Login Authentication Script SQL injection
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to SQL injection. The attack may be launched remotely. The exploit has...
CVE-2022-2364
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /cispms/admin/category. The manipulation of the argument vehicletype with the input "alert"XSS" leads to cross site scripting. It is...
Design/Logic Flaw
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/updateuser.php?userid=1. The manipulation of the argument profilepicture with the input leads to unrestricted upload. It is possib...
CVE-2022-2293
A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cissms/index.php/orders/create. The manipulation of the argument customername with the input alert"XSS" leads to cross...
CVE-2022-2292 SourceCodester Hotel Management System Room Edit Page 1 cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /cihms/massageroom/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "alert"XSS" leads to...
PT-2022-15753 · SourceCodester · SourceCodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0. Description: A critical issue has been found in the Login Page component, specifically in the file /pms/index.php. The manipulation of the user name argument with the input admin' o...
CVE-2017-20118
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting DOM. The attack may be launched remotely. Th...
CVE-2017-20119 TrueConf Server change-lang redirect
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirecturl leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2022-2212
A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The...
CVE-2017-20075
A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2017-20069
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2017-20076
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the...
Design/Logic Flaw
A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
Design/Logic Flaw
A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclose...
CVE-2017-20073
The CVE-2017-20073 entry concerns Hindu Matrimonial Script, where an improper privilege management flaw exists in the /admin/cms.php functionality. Multiple sources describe that this vulnerability can be triggered remotely and that the exploitable behavior involves privilege mismanagement in an ...
CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used...