943 matches found
CVE-2024-6065
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument useremail leads to SQL injection. The attack may be initiated remotely. The exploit has be...
CVE-2024-6043
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file adminclass.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploi...
CVE-2024-5983
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to SQL injection. The attack can be launched remotely. The exploit...
CVE-2024-5983
The CVE-2024-5983 entry concerns itsourcecode Online Bookstore version 1.0. The vulnerability lies in an unknown functionality of the file bookPerPub.php, where manipulation of the pubid argument leads to SQL injection. It can be exploited remotely and, per sources, the exploit has been disclosed...
CVE-2024-5893
A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=deleteclient. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploi...
CVE-2024-5589
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/configMT.php?action=delete. The manipulation of the argument Mid leads to SQL injection. It is possible to initiate the attack...
CVE-2024-5516
CVE-2024-5516 affects itsourcecode Online Blood Bank Management System 1.0. The vulnerability is a SQL injection in massage.php triggered by manipulating the bid parameter, exploitable remotely and reportedly disclosed publicly. Several connected sources corroborate the file and parameter, with i...
CVE-2024-5379
CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template, leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...
CVE-2024-5377
CVE-2024-5377 affects SourceCodester Vehicle Management System 1.0. The vulnerability lies in /newvehicle.php where the file parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources (NVD/CVE records) classify this as critical with network ac...
CVE-2024-5375 Kashipara College Management System submit_student.php cross site scripting
A vulnerability has been found in Kashipara College Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file submit_student.php. The manipulation of the argument address leads to cross-site scripting. The attack can be launched...
CVE-2024-5370
Summary (CVE-2024-5370): Kashipara College Management System 1.0 is affected. The vulnerability is a cross-site scripting (XSS) flaw in submit_enroll_staff.php where the class_name parameter can be manipulated to inject scripts. The issue may be exploitable remotely and has had public disclosure ...
CVE-2024-5361
CVE-2024-5361 refers to a SQL injection vulnerability in PHPGurukul Zoo Management System 2.1, specifically in the file /admin/normal-bwdates-reports-details.php where the parameter fromdate can be manipulated to trigger database injection. Several connected records corroborate remote exploitatio...
CVE-2024-5357
A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack can be launched remotely...
CVE-2024-5354
Summary: CVE-2024-5354 affects the anji-plus AJ-Report product (versions up to 1.4.1). The vulnerability exists in the /reportShare/detailByCode endpoint, where manipulating the shareToken can disclose information. It is exploitable remotely over a network. Public exploitation has been disclosed....
CVE-2024-5353
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2024-5350 anji-plus AJ-Report pageList sql injection
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-5340
CVE-2024-5340 affects Ruijie RG-UAC (up to 20240516). The vulnerability is in the file /view/vpn/autovpn/sub_commit.php where manipulating the input key triggers an OS command injection. It can be exploited remotely, and public exploit details exist. The CVSS metrics in the initial data indicate...
CVE-2023-7259
DISPUTED A vulnerability was found in zzdevelop lenosp up to 20230831. It has been classified as problematic. This affects an unknown part of the component Adduser Page. The manipulation of the argument username with the input alert1 leads to cross-site scripting. It is possible to initiate the...
CVE-2024-5279
The CVE-2024-5279 entry affects Qiwen Netdisk up to version 1.4.0, with a vulnerability in the File Rename Handler that allows stored cross-site scripting via a crafted file name. The attack vector is network-based and can be triggered remotely; it uses an input such as , and the vulnerability is...
CVE-2024-5240
The CVE-2024-5240 entry pertains to Campcodes Complete Web-Based School Management System v1.0, with a SQL injection in the /view/unread_msg.php file caused by manipulating the my_index argument. Multiple connected sources confirm remote exploitation and public disclosure of the exploit. Concrete...