Sql injection

A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORDID leads to sql injection. The exploit has been disclosed to the public and may be used...

Cross site scripting

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "confirm document.cookie...

Authentication flaw

A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for...

CVE-2023-5327

A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. Th...

CVE-2023-5296

The CVE-2023-5296 entry applies to Xinhu RockOA (versions 1.1–2.3.2 and 15.X3amdi) and concerns the Password Handler component. Affected functionality is within api.php?m=reimplat&a=index, where manipulation enables weak password recovery. The issue is exploitable remotely and can impact confiden...

Design/Logic Flaw

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file uploadsavestudent.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to launch the attack remotely. The...

CVE-2023-5285 Tongda OA 2017 delete.php sql injection

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

Sql injection

A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtmltaglistaction.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2023-5263

The CVE concerns ZZZCMS 2.1.7. It targets the restore function in the Database Backup File Handler’s /admin/save.php, where improper handling leads to permission issues. The vulnerability can be exploited remotely, and public disclosures exist (exploit has been disclosed). Affected component: Dat...

CVE-2023-5033

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

Sql injection

A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file clubvalidator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit...

Information disclosure

A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04CT2015Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical...

CVE-2023-5014

A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

Authentication flaw

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVE-2023-4867

A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection...

CVE-2023-4743 Dreamer CMS file access

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of ...

Sql injection

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=email/api/delDraft&archiveId=0 of the component Delete Draft Handler. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2023-4711 D-Link DAR-8000-10 decodmail.php os command injection

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

CVE-2023-4555

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliardata.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be...