CVE-2024-11138 DedeCMS friendlink_add.php unrestricted upload
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2024-11101 1000 Projects Beauty Parlour Management System search-invoices.php sql injection
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack...
CVE-2024-11099 code-projects Job Recruitment login.php sql injection
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2024-11097 SourceCodester Student Record Management System Main Menu infinite loop
A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to t...
CVE-2024-11077
CVE-2024-11077 affects code-projects Job Recruitment 1.0. The vulnerability is a SQL injection in an unknown function within /index.php triggered by manipulating the email parameter. Exploitation is remote and was disclosed publicly. Impact is described as high/critical across sources, with poten...
CVE-2024-11077 code-projects Job Recruitment index.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2024-11060 Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection
A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch th...
CVE-2024-11059
CVE-2024-11059 affects Project Worlds Free Download Online Shopping System up to 192.168.1.88. The vulnerability is in the file /online-shopping-webvsite-in-php-master/success.php, where manipulating the parameter id leads to SQL injection. This allows remote exploitation and has been publicly di...
CVE-2024-11057
CVE-2024-11057 is a confirmed vulnerability in Codezips Hospital Appointment System 1.0. The weakness resides in the file /removeBranchResult.php, where manipulation of the ID/Name parameter enables SQL injection. It is described as remotely exploitable, with public disclosures of exploits. Multi...
CVE-2024-11056 Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapskcrypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-10998
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/processcategoryadd.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-10993
Codezips Online Institute Management System 1.0 is affected by CVE-2024-10993 due to an issue in the website_image parameter of /manage_website.php, which allows unrestricted upload. The vulnerability enables remote exploitation and the exploit has been disclosed publicly. Technical details acros...
CVE-2024-10969
CVE-2024-10969 is a SQL injection vulnerability affecting the 1000 Projects Bookstore Management System 1.0, located in the Login component at /admin/login_process.php. The issue arises from manipulation of the unm parameter (and related unm/pwd variants) and is exploitable remotely, with the exp...
CVE-2024-10967
CVE-2024-10967 affects Code-Projects E-Health Care System 1.0. The vulnerability is an SQL injection in the /Doctor/delete_user_appointment_request.php file, triggered by manipulating the id argument. It is possible to launch remotely and public exploitation has been disclosed. Multiple sources c...
CVE-2024-10919 didi Super-Jacoco triggerUnitCover os command injection
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
CVE-2024-10916 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiat...
CVE-2024-10806 PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be...
CVE-2024-10766 Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated...