CVE-2024-0464
A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file deletefaculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate the...
CVE-2024-0459
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to...
Improper access control
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the publ...
SQL injection
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to SQL injection. The exploit has been disclosed to the public and...
CVE-2024-0347
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signupteacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The...
CVE-2024-0346 CodeAstro Vehicle Booking System Feedback Page user-give-feedback.php cross site scripting
A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The...
CVE-2024-0308
The CVE-2024-0308 issue affects Inis up to 2.0.1, where manipulation of the argument p_url in file app/api/controller/default/Proxy.php enables server-side request forgery (SSRF). This is a network-accessible vulnerability with remote potential and public exploit disclosure. Affected component is...
Command injection
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack can be launched remotel...
SQL injection
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stockedit.php. The manipulation of the argument itemtype leads to SQL injection. The attack may be initiated remotely. The exploit has...
CVE-2024-0289
A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stockentrysubmit.php. The manipulation of the argument itemype leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2024-0283
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file partydetails.php. The manipulation of the argument partyname leads to cross site scripting. The attack can be initiated remotely. The...
SQL injection
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file itemlistedit.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
SQL injection
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwasteentry.php. The manipulation of the argument itemname leads to SQL injection. It is possible to launch the attack remotely. The exploit h...
Design/Logic Flaw
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on IP address for authentication. The attack can be initiated remotely. The complexity of an...
CVE-2024-0264
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The...
CVE-2024-0261
CVE-2024-0261 affects Sentex FTPDMIN 0.96. The RNFR Command Handler component is implicated, with the vulnerability described as enabling a remote denial-of-service. Multiple sources confirm the vulnerability and public disclosure of the exploit. The in-scope impact is DoS, with no evidence of br...
CVE-2024-0191
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit...
CVE-2024-0189 RRJ Nueva Ecija Engineer Online Portal Create Message teacher_message.php cross site scripting
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teachermessage.php of the component Create Message Handler. The manipulation of the argument Content with the input alertx leads to cross...
Out-of-bounds
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...