943 matches found
SQL injection
A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument namestartsWith leads to sql injection. The attack...
Path traversal
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be...
CVE-2023-3237
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2023-3234
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function putimage of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit h...
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...
CVE-2023-3206
A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=restart. The manipulation of the argument restart with the input reboot leads to denial of service. The attack can be launched...
CVE-2023-3176
A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. Th...
SQL injection
A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\viewinquiry.php. The manipulation leads to sql injection. The attack can be launched remotely...
SQL injection
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user\manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2023-3149
CVE-2023-3149 affects SourceCodester Online Discussion Forum Site 1.0. The vulnerability is a SQL injection in an unknown function of the file admin/user/manage_user.php, triggered by manipulating the id parameter, and it allows remote exploitation. Public exploitation has been disclosed; VDB-231018 is the...
SQL injection
A vulnerability has been found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin\categories\viewcategory.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. Th...
SQL injection
A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. T...
CVE-2023-3094 code-projects Agro-School Management System btn_functions.php doUpdateQuestion sql injection
A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument questionid leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2023-3068
A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modaladdproduct.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit...
Improper access control
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit ha...
CVE-2023-2928 DedeCMS article_allowurl_edit.php code injection
A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely...
Improper access control
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?search=false&nd=1680855479750&rows=50&page=1&sidx=FCreatorTime+desc&sord=asc. The...
Memory corruption
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to...
Null pointer dereference
A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be...
Cross-site scripting
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...