CVE-2024-10806 PHPGurukul Hospital Management System betweendates-detailsreports.php cross-site scripting
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross-site scripting. The attack can be...
CVE-2024-10766 Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated...
CVE-2024-10761
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id of the component Dashboard. The manipulation of the argument culture leads to cross-site scripting. It is...
CVE-2024-10757 PHPGurukul Online Shopping Portal js_data.php cross-site scripting
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads t...
CVE-2024-10754
CVE-2024-10754 | PHPGurukul Online Shopping Portal 2.0 suffers a cross-site scripting flaw in /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The issue stems from inadequate filtering/escaping of the scripts parameter, enabling remote exploitation. Exploit details...
CVE-2024-10753
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/domdatatwoheaders.php. The manipulation of the argument scripts leads to cross...
CVE-2024-10752
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to SQL injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2024-10747
The CVE-2024-10747 entry concerns PHPGurukul Online Shopping Portal 2.0. The vulnerability is in /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php, where lack of input filtering/escaping for the scripts parameter allows cross-site scripting. A remote attacker can explo...
CVE-2024-10744
CVE-2024-10744 affects PHPGurukul Online Shopping Portal 2.0, specifically the /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php functionality. The issue is a cross-site scripting flaw triggered by manipulating the scripts parameter, enabling remote exploitation. ...
CVE-2024-10741
A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument fname leads to SQL injection. The attack can be initiated remotely. The exploit has be...
CVE-2024-10742 code-projects Wazifa System control.php SQL injection
A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to SQL injection. The attack may be initiated remotely. The exploit has been disclose...
CVE-2024-10735
CVE-2024-10735 affects Project Worlds Life Insurance Management System 1.0. The vulnerability is in the file /editNominee.php, where manipulation of the nominee_id parameter leads to an SQL injection. The issue is remotely exploitable and publicly disclosed. Affected scope is the system’s ability...
CVE-2024-10700
CVE-2024-10700 affects code-projects University Event Management System 1.0. A SQL injection vulnerability exists in submit.php via multiple parameters (name, email, title, Year, gender, fromdate, todate, people, etc.). The attack is remotely exploitable; public disclosures exist. Several sources...
CVE-2024-10697
CVE-2024-10697 affects Tenda AC6 (firmware 15.03.05.19) with a vulnerability in the formWriteFacMac() function of the /goform/WriteFacMac API endpoint. The mac parameter can be manipulated to induce command injection, and the issue is exploitable remotely with publicly disclosed exploits. Multipl...
CVE-2024-10661
CVE-2024-10661 affects Tenda AC15 firmware 15.03.05.19; the flaw is a stack-based buffer overflow in the function SetDlnaCfg at /goform/SetDlnaCfg triggered by manipulating the scanList parameter. This enables remote exploitation with arbitrary code execution in the device context, and the exploi...
CVE-2024-10658
CVE-2024-10658 affects Tongda OA up to 11.10. The vulnerability is an SQL injection in the file /pda/approve_center/check_seal.php triggered by manipulating the ID parameter. It is remote-accessible and has been publicly disclosed. Several sources identify a SQL injection impact on the affected f...
CVE-2024-10616
A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2024-10619
Tongda OA 2017 up to 11.10 contains a SQL injection in /pda/reportshop/next_detail.php via the repid parameter. The vulnerability is exploitable remotely and exploitation has been disclosed publicly. Affected component: the next_detail.php endpoint handling repid; root cause: unsanitized input le...
CVE-2024-10610 ESAFENET CDG ProtocolService.java delProtocol SQL injection
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The...
CVE-2024-10607
A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to SQL injection. The attack can be initiated remotely. The exploit...