943 matches found
CVE-2024-9079
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to SQL injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-9079
CVE-2024-9079 affects code-projects Student Record System 1.0 (marks.php). The vulnerability is a SQL injection caused by improper handling of the coursename parameter in /marks.php, enabling remote attacker input to alter queries. Exploitation is described as possible over the network with low a...
CVE-2024-9078 code-projects Student Record System course.php sql injection
A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to SQL injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-9041
CVE-2024-9041 affects SourceCodester Best House Rental Management System 1.0. The vulnerability is an SQL injection in the file /ajax.php?action=update_account caused by improper handling of the firstname/lastname/email parameters. It is exploitable remotely over the network with low privileges a...
CVE-2024-9041 SourceCodester Best House Rental Management System ajax.php sql injection
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_account. The manipulation of the argument firstname/lastname/email leads to SQL injection. The attack can...
CVE-2024-9036
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file adminadd.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2024-9038 Codezips Online Shopping Portal insert-product.php unrestricted upload
A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attac...
CVE-2024-9037
CVE-2024-9037 affects Codezips Internal Marks Calculation 1.0. The vulnerability is an SQL injection in an unknown function of the file index.php triggered by manipulating the tid parameter, allowing remote execution of queries. Multiple sources (NVD, Red Hat, CVE list, and others) confirm a crit...
CVE-2024-9034
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The exploi...
CVE-2024-9003
CVE-2024-9003 affects Jinan Chicheng/JFlow 2.0.0. The vulnerability is in the function AttachmentUploadController of the Attachment Handler, in file "/WF/Ath/EntityMutliFile_Load.do". The issue stems from manipulation of the argument oid, which leads to improper access controls and potentially e...
CVE-2024-9001 TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be initiated remotely. The...
PYSEC-2024-87
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
CVE-2024-8944
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file checkavailability.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit...
CVE-2024-8875
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2024-8762
A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-8611
CVE-2024-8611 affects the itsourcecode Tailoring Management System 1.0. The vulnerability is in the file ssms.php, where manipulating the public parameter customer leads to SQL injection. Exploitation is described as remote, and multiple connected sources corroborate the issue. No patch/version r...
CVE-2024-8605
CVE-2024-8605 affects code-projects Inventory Management 1.0, specifically the Registration Form component in the /view/registration.php file. The issue is a cross-site scripting flaw triggered by manipulating input such as , with remote initiation and public disclosure of exploits. Multiple conn...
CVE-2024-8579 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2024-8577 TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. T...
CVE-2024-8577
CVE-2024-8577 affects TOTOLINK AC1200 T8 and T10 (versions 4.1.5cu.861 B20230220 through 4.1.8cu.5207). The vulnerability resides in the function setStaticDhcpRules of /cgi-bin/cstecgi.cgi, where improper handling of the desc parameter can trigger a buffer overflow. It is exploitable remotely, an...