EasyEvent <= 1.0.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Go to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID fiel...
CVE-2024-3797
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated...
CVE-2024-3765
CVE-2024-3765 affects Xiongmai devices (AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME, XM530_R80X30-PQ_8M) in the Sofia Service. The vulnerability stems from improper access controls triggered by manipulating a specific input sequence (ff0000000000000000000...
CVE-2024-3720
A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be...
CVE-2024-3698
CVE-2024-3698 affects Campcodes House Rental Management System 1.0, specifically the function manage_payment.php. The vulnerability arises from unsafely handling the id parameter, enabling SQL injection. It is exploitable remotely and has been publicly disclosed. The PRIMARY impact is information...
CVE-2024-3617
Summary of CVE-2024-3617 : A SQL injection vulnerability affects SourceCodester Kortex Lite Advocate Office Management System 1.0, specifically in the file /control/deactivate_case.php where manipulating the argument id enables injection. The issue is exploitable remotely over the network with li...
CVE-2024-3614 SourceCodester Warehouse Management System customer.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument namacustomer/alamatcustomer/notelpcustomer leads to cross site scripting. It is possible to initiate...
CVE-2024-3542
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/addvisitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has be...
CVE-2024-3536 Campcodes Church Management System delete_log.php sql injection
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deletelog.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has be...
CVE-2024-3529
The CVE-2024-3529 entry concerns Campcodes Complete Online Student Management System 1.0. The vulnerability affects an unknown portion of the file students_view.php, where manipulation of the FirstRecord argument enables cross-site scripting. It is possible to initiate the attack remotely, and th...
CVE-2024-3442 SourceCodester Prison Management System delete_leave.php sql injection
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/deleteleave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-3437
CVE-2024-3437 affects SourceCodester Prison Management System 1.0, specifically the Avatar Handler in /Admin/add-admin.php. The avatar parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources confirm a remote, unauthenticated impact with pub...
CVE-2024-3431
CVE-2024-3431 (EyouCMS 1.6.5) involves a deserialization vulnerability in the Backend at the file path /login.php?m=admin&c=Field&a=channel_edit, where manipulating the argument channel_id leads to code execution. The issue is exploitable remotely and has public exploits/disclosures. Multiple sou...
CVE-2024-3418
CVE-2024-3418 affects SourceCodester Online Courseware 1.0, due to an SQL injection in admin/deactivateteach.php where the selector argument is manipulated. The vulnerability allows remote exploitation and has been publicly disclosed. Several connected sources confirm the issue and indicate the a...
CVE-2024-3417
CVE-2024-3417 concerns SourceCodester Online Courseware 1.0. The vulnerability is in the admin/saveeditt.php file, where manipulating the contact parameter leads to SQL injection. The attack could be remote; the exploit has been disclosed publicly. Impact is described as high for confidentiality, integrit...
Xuxueli xxl-job template injection vulnerability
A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed ...
CVE-2024-3363 SourceCodester Online Library System index.php sql injection
A vulnerability was found in SourceCodester Online Library System 1.0. It has been classified as critical. This affects an unknown part of the file admin/borrowed/index.php. The manipulation of the argument BookPublisher/BookTitle leads to sql injection. It is possible to initiate the attack...
CVE-2024-3354
CVE-2024-3354 affects SourceCodester Aplaya Beach Resort Online Reservation System v1.0. A SQL injection can be triggered via the id parameter in admin/mod_users/index.php, with remote access and a high/severe impact profile as described by multiple sources. The vulnerability arises from an unkno...
CVE-2024-3351
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 is affected by a SQL injection in the admin/mod_roomtype/index.php file via the id parameter. Exploitation can be performed remotely and has been disclosed publicly. The CVE entry notes a critical impact (NVD CVSSv3.1: 9.8) with hig...
CVE-2024-3321
The CVE-2024-3321 issue affects SourceCodester eLearning System 1.0, specifically the Maintenance Module. The root cause is manipulation of the Subject Code/Description argument, enabling cross-site scripting (XSS). The vulnerability allows remote initiation of an attack and has been publicly ...