945 matches found
CVE-2024-3351
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 is affected by a SQL injection in the admin/mod_roomtype/index.php file via the id parameter. Exploitation can be performed remotely and has been disclosed publicly. The CVE entry notes a critical impact (NVD CVSSv3.1: 9.8) with hig...
CVE-2024-3321
The CVE-2024-3321 issue affects SourceCodester eLearning System 1.0, specifically the Maintenance Module. The root cause is manipulation of the Subject Code/Description argument, enabling cross-site scripting (XSS). The vulnerability allows remote initiation of an attack and has been publicly ...
CVE-2024-3316
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/viewcategory.php. The manipulation of the argument id leads to sql injection. The attack...
CVE-2024-3315
The CVE-2024-3315 flaw affects SourceCodester Computer Laboratory Management System 1.0, specifically an unknown function in classes/user.php where manipulating the id parameter enables SQL injection. The issue can be exploited remotely, and exploitation has been disclosed publicly (VDB-259386). ...
CVE-2024-3253
CVE-2024-3253 affects SourceCodester Internship Portal Management System 1.0, specifically the vulnerable component in file admin/add_admin.php. The issue arises from manipulating the name/username/password parameters, enabling remote SQL injection. Multiple connected sources confirm a critical ...
CVE-2024-3223
CVE-2024-3223 affects SourceCodester PHP Task Management System 1.0. The vulnerability resides in an unknown function within the file admin-manage-user.php, where manipulating the parameter admin_id leads to SQL injection. It can be exploited remotely, and public disclosures exist. Connected s...
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging arbitrary URLs, i.e. conducting SSRF attacks, which may be a problem in multisite configurations. 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and...
CVE-2024-3147
CVE-2024-3147 affects DedeCMS 5.7, with the vulnerable element in the file /src/dede/makehtml_map.php. The issue is a cross-site request forgery that can be triggered remotely, and public exploitation has been disclosed. The vulnerability has been consistently described across sources (NVD, CVE r...
CVE-2024-3145 DedeCMS makehtml_js_action.php cross-site request forgery
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-3124
CVE-2024-3124 affects fridgecow smartalarm 1.8.1 on Android. The vulnerability targets the Backup File Handler component (unknown part of androidmanifest.xml) and leads to exposure of backup files to an unauthorized control sphere. An attack can be launched on the physical device; the exploit has...
CVE-2024-3006
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7775. This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The...
CVE-2024-3002
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2994
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched...
CVE-2024-2995 NUUO Camera deletefile.php denial of service
A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2024-2987
CVE-2024-2987 affects Tenda FH1202 (firmware 1.2.0.14(408)). The GetParentControlInfo function behind /goform/GetParentControlInfo accepts a mac parameter whose length is not adequately validated, allowing a stack-based buffer overflow; multiple sources describe the outcome as remote code execution or denial of service....
CVE-2024-2987 Tenda FH1202 GetParentControlInfo stack-based overflow
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-2985
CVE-2024-2985 affects Tenda FH1202 on version 1.2.0.14(408). The vulnerability lies in the function formQuickIndex of /goform/QuickIndex, where manipulating the PPPOEPassword argument causes a stack-based buffer overflow. This enables remote initiation and, per sources, an exploit has been disclo...
CVE-2024-2984
The CVE-2024-2984 issue affects Tenda FH1202 devices (version 1.2.0.14(408)). The root cause is a stack-based buffer overflow in the formSetCfm function (parameter funcpara1) of the /goform/setcfm endpoint, which can be triggered remotely. Public exploits are referenced in the records. Affected p...
CVE-2024-2939
CVE-2024-2939 affects Campcodes Online Examination System 1.0. The vulnerability exists in the updateExaminee.php path (commonly reported as /adminpanel/admin/facebox_modal/updateExaminee.php or /adminpanel/admin/facebox_model/updateExaminee.php) where manipulation of the id argument enables cros...
CVE-2024-2938
Campcodes Online Examination System 1.0 is affected by a SQL injection in the id parameter of /adminpanel/admin/facebox_modal/updateCourse.php. The vulnerability enables remote exploitation and a public exploit exists. Affected component is the updateCourse functionality, with the root cause bein...
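The SQL injection entries in this listing (CVE-2024-3351, CVE-2024-3316, CVE-2024-3315, CVE-2024-3253, CVE-2024-3223, CVE-2024-3002 and CVE-2024-2938) share one root cause: a request parameter such as id is pasted into a query string. The block below is an added example and is not code from any of the listed applications; it uses an in-memory SQLite table with constructed rows and hypothetical function names (make_db, lookup_vulnerable, lookup_hardened) to show how the concatenation pattern behaves under a tautology payload and a UNION payload, next to a type-checked, parameterized version of the same lookup.

```python
import sqlite3

# Constructed sample data: a small "room type" table with one column (owner)
# that the lookup is never meant to expose. Not taken from any real application.
SAMPLE_ROWS = [
    (1, "Standard", "public"),
    (2, "Deluxe", "public"),
    (3, "Staff-only", "internal"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE roomtype (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO roomtype VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, id_param):
    """The pattern behind 'manipulation of the argument id leads to SQL injection':
    the raw request parameter is concatenated into the statement, so the caller
    controls the query structure, not just a value."""
    sql = "SELECT id, name FROM roomtype WHERE id = " + id_param
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, id_param):
    """Validate the type first, then bind the value as a parameter. A bound
    parameter is always treated as data, so 'OR 1=1' or 'UNION SELECT'
    can never become part of the statement."""
    if not id_param.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name FROM roomtype WHERE id = ?", (int(id_param),)
    ).fetchall()


def run_demo(conn):
    """Run the same three inputs through both lookups and collect the outcomes."""
    # A benign id, a tautology that dumps every row, and a UNION that pulls
    # the owner column the endpoint was never meant to return.
    inputs = ["2", "1 OR 1=1", "0 UNION SELECT id, owner FROM roomtype"]
    results = {}
    for value in inputs:
        vulnerable = sorted(lookup_vulnerable(conn, value))
        try:
            hardened = sorted(lookup_hardened(conn, value))
        except ValueError as exc:
            hardened = "rejected: " + str(exc)
        results[value] = (vulnerable, hardened)
    return results


if __name__ == "__main__":
    for param, (vuln, hard) in run_demo(make_db()).items():
        print(f"id={param!r}")
        print("  concatenated :", vuln)
        print("  parameterized:", hard)
```

The tautology returns all three rows and the UNION returns the owner column from the concatenated query, while the parameterized lookup rejects both inputs before a statement is ever built. The isdigit check is there because the column is an integer primary key; a scheme that binds a string parameter would still be safe from injection but would let the tautology string reach the database as a (non-matching) value.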