CVE-2024-10021 code-projects Pharmacy Management System manage_purchase.php sql injection
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHERNUMBER. The manipulation of the argument text leads to sql injection. The...
CVE-2024-9918
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-9917
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/templatecreat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...
CVE-2024-9918
The CVE-2024-9918 issue concerns HuangDou UTCMS V9, specifically the RunSql function in app/modules/ut-data/admin/sql.php. The vulnerability is a SQL injection caused by improper handling of the sql argument, with remote exploitation described as possible and the exploit publicly disclosed. Multi...
CVE-2024-9913
CVE-2024-9913 concerns D-Link DIR-619L B1 (firmware 2.06). The issue is a buffer overflow in the function formSetRoute (parameter curTime), potentially exploitable remotely via /goform/formSetRoute. Multiple sources confirm a high-severity impact (remote code execution/denial of service) with pub...
CVE-2024-9905
SourceCodester Online Eyewear Shop 1.0 contains a SQL injection vulnerability affecting the admin endpoint /admin/?page=inventory/view_inventory&id=2. The flaw arises from unsafely processing the id parameter, allowing remote attackers to manipulate the query. Multiple connected feeds corroborate...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2024-9894 code-projects Blood Bank System reset.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2024-9815
Codezips Tourist Management System 1.0 contains a vulnerability in /admin/create-package.php where the packageimage parameter enables unrestricted file uploads. Multiple connected sources confirm remote, unauthenticated-like exposure via this parameter, with the issue described as critical. Pract...
CVE-2024-9814
CVE-2024-9814 affects Codezips Pharmacy Management System 1.0. The vulnerability is in an unknown function of the file product/update.php, where manipulation of the id parameter enables SQL injection. It is exploitable remotely and exploits have been disclosed publicly. Multiple sources corrobora...
CVE-2024-9814 Codezips Pharmacy Management System update.php sql injection
A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-9809
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function deleteproduct of the file /classes/Master.php?f=deleteproduct. The manipulation of the argument id leads to sql injection. The attack can be launch...
CVE-2024-9799
CVE-2024-9799 affects SourceCodester Profile Registration without Reload Refresh 1.0. The vulnerable component is add.php, where parameters such as email_address, address, company_name, job_title, and jobDescription can be manipulated to trigger cross-site scripting. The issue can be exploited re...
CVE-2024-9794
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. T...
CVE-2024-9789
A vulnerability was found in LyLmespage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...
CVE-2024-9787 Contemporary Control System BASrouter BACnet BASRT-B UDP Packet denial of service
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit...
CVE-2024-9786
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has...
CVE-2024-9785 D-Link DIR-619L B1 formSetDDNS buffer overflow
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been...
CVE-2024-9782
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely...
CVE-2024-9569
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely...