Lucene search

943 matches found

NVD
added 2023/08/26 7:15 a.m., 10 views

CVE-2023-4545

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

CVSS 9.8, AI score 7.4, EPSS 0.00072
Exploits: 1, References: 3

Prion
added 2023/08/18 2:15 p.m., 18 views

Command injection

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may...

CVSS 6.5, AI score 9.7, EPSS 0.01074
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2023/08/16 8:00 p.m., 50 views

CVE-2023-4383

CVE-2023-4383 affects MicroWorld eScan Anti-Virus 7.0.32 on Linux. The root cause is an improperly assigned privilege in the file runasroot, causing incorrect execution permissions. It is a local vulnerability (attack vector: LOCAL) with low attack complexity and requires low privileges, no user ...

CVSS 7.8, AI score 7.7, EPSS 0.00035
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/08/07 12:15 a.m., 10 views

Sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5, AI score 9.7, EPSS 0.00073
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2023/08/06 8:15 a.m., 10 views

CVE-2023-4179

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the...

CVSS 9.8, AI score 7.5, EPSS 0.00067
Exploits: 1, References: 3

Prion
added 2023/08/05 11:15 p.m., 20 views

Path traversal

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal...

CVSS 4, AI score 7.6, EPSS 0.00156
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2023/08/05 11:00 p.m., 55 views

CVE-2023-4172

CVE-2023-4172 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability arises from improper handling of the FileDirectory argument in the FileHandler.ashx (path/file processing), enabling absolute path traversal via a remote attack. Exploitation has been disclosed...

CVSS 7.5, AI score 6, EPSS 0.00156
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/07/25 9:15 a.m., 26 views

Cross site scripting

A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit-accepted-appointment.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotel...

CVSS 4, AI score 6, EPSS 0.00088
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/07/24 10:00 p.m., 13 views

CVE-2023-3872 Campcodes Beauty Salon Management System edit-services.php sql injection

A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has bee...

CVSS 6.5, AI score 8.1, EPSS 0.00059
Exploits: 1, References: 3

Prion
added 2023/07/23 10:15 p.m., 18 views

Out-of-bounds

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...

CVSS 5.8, AI score 7.1, EPSS 0.05488
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2023/07/22 6:15 p.m., 8 views

CVE-2023-3836

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePointaddImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated...

CVSS 9.8, AI score 8.2, EPSS 0.91447
Exploits: 2, References: 3

Prion
added 2023/07/20 7:15 p.m., 14 views

Design/Logic Flaw

A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/teststatus.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this...

CVSS 3.3, AI score 6.5, EPSS 0.00122
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/07/19 7:15 a.m., 17 views

Design/Logic Flaw

A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

CVSS 4, AI score 7.4, EPSS 0.00052
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2023/07/17 1:15 a.m., 14 views

Sql injection

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5, AI score 9.7, EPSS 0.00067
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2023/07/10 4:15 p.m., 12 views

CVE-2023-3578

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file codo.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The...

CVSS 9.8, AI score 6.7, EPSS 0.81235
Exploits: 1, References: 3

Cvelist
added 2023/07/10 11:00 a.m., 22 views

CVE-2023-3578 DedeCMS co_do.php server-side request forgery

A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file codo.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The...

CVSS 5.5, AI score 9.8, EPSS 0.81235
Exploits: 1, References: 3

Positive Technologies
added 2023/06/28 12:00 a.m., 2 views

PT-2023-24906 · Ibos Oa · Ibos Oa

Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue has been found in the Interview Management Export component, specifically affecting the actionExport function of the file ?r=recruit/interview/export&interviews=x. The manipulation of the...

CVSS 7.2, AI score 6.3, EPSS 0.00237
Exploits: 1, References: 5

Prion
added 2023/06/23 10:15 a.m., 17 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument delname leads t...

CVSS 4, AI score 6, EPSS 0.00087
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2023/06/21 7:15 a.m., 14 views

Sql injection

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument testid leads to sql injection. The attack can be launched remotely...

CVSS 6.5, AI score 7.9, EPSS 0.00059
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2023/06/20 4:15 p.m., 8 views

CVE-2023-3340

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument namestartsWith leads to sql injection. The attack...

CVSS 9.8, AI score 7.3, EPSS 0.00067
Exploits: 1, References: 3