CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8172
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...
CVE-2024-8173
CVE-2024-8173 affects the Blood Bank System v1.0 from code-projects. The vulnerability is an SQL injection in the login page /login.php, triggered by manipulating the argument “user.” It is exploitable remotely and the exploit has been publicly disclosed. Severa...
CVE-2024-8167
CVE-2024-8167 affects code-projects Job Portal 1.0, with a SQL injection in the /forget.php page via manipulated email or mobile parameters. This vulnerability is exploitable remotely and the exploit has been disclosed publicly. Connected sources corroborate the issue and describe the impact as a...
CVE-2024-8167 code-projects Job Portal forget.php sql injection
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2024-8162
A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack...
CVE-2024-8151
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...
CVE-2024-8144
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2024-8112 thinkgem JeeSite Cookie login cross site scripting
A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. T...
CVE-2024-8084 SourceCodester Online Computer and Laptop Store Setting SystemSettings.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /php-ocls/classes/SystemSettings.php?f=updatesettings of the component Setting Handler. The manipulation of the argument System Name lea...
CVE-2024-7930
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/getpackings.php. The manipulation of the argument medicineid leads to sql injection. The attack can be initiated remotel...
CVE-2024-7925
CVE-2024-7925 (ZZCMS 2023) affects the component handling file 3/E_bak5.1/upload/eginfo.php. The issue arises from manipulating the phome argument with the input ShowPHPInfo, which leads to information disclosure. The vulnerability supports remote exploitation (attack vector: network). The availa...
CVE-2024-7921
CVE-2024-7921 affects Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. The vulnerability concerns an improper access control in the file /report/ParkOutRecord/GetDataList, exposing an unknown functionality that can be manipulated remotely. Public exploit disclosure i...
CVE-2024-7920
CVE-2024-7920 affects Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805, with an access-control flaw in the file /Report/ParkCommon/GetParkInThroughDeivces. The issue is exploitable remotely and the exploit has been disclosed publicly. Multiple connected documents conf...
CVE-2024-7914 SourceCodester Yoga Class Registration System SystemSettings.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the...
CVE-2024-7911
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the...
CVE-2024-7910 CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...
CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...
CVE-2024-7901
CVE-2024-7901 affects Scada-LTS 2.7.8, specifically the Message Handler component. The vulnerability stems from an unknown functionality in the file /Scada-LTS/app.shtm#/alarms/Scada, enabling remote cross-site scripting. The exploit has been publicly disclosed. Remediation: a fix is planned for ...
CVE-2024-7898
CVE-2024-7898 affects Tosei Online Store Management System (versions 4.02–4.04) and targets the Backend component. The root cause is the use of default credentials, enabling remote exploitation. Public exploit information exists; vendor did not respond to disclosure. Impact is high across confide...