943 matches found

Cvelist
added 2023/02/19 8:19 a.m. | 10 views

CVE-2023-0918 codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload

A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The...

CVSS 6.5 | AI score 9.8 | EPSS 0.00479
Exploits 0 | References 3

CVE
added 2023/02/19 8:19 a.m. | 50 views

CVE-2023-0918

CVE-2023-0918 affects codeprojects Pharmacy Management System 1.0, specifically the Avatar Image Handler’s add.php. The issue is unrestricted file upload due to missing validation, enabling remote code execution via uploaded files. Several sources confirm public exploitation and a high-impact pro...

CVSS 9.8 | AI score 8.1 | EPSS 0.00479
Exploits 0 | References 3 | Affected Software 1

Prion
added 2023/02/18 8:15 a.m. | 14 views

Cross site scripting

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file processorder.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 4 | AI score 5.5 | EPSS 0.02721
Exploits 9 | References 3 | Affected Software 1

Cvelist
added 2023/02/12 7:37 a.m. | 16 views

CVE-2023-0785 SourceCodester Best Online News Portal check_availability.php information exposure

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file checkavailability.php. The manipulation of the argument username leads to exposure of sensitive information through data querie...

CVSS 3.7 | AI score 4.5 | EPSS 0.00254
Exploits 1 | References 3

Prion
added 2023/02/02 3:17 p.m. | 18 views

Command injection

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 6.5 | AI score 8 | EPSS 0.06259
Exploits 1 | References 3 | Affected Software 1

Prion
added 2023/02/02 9:15 a.m. | 10 views

Command injection

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 8.3 | AI score 9.8 | EPSS 0.00912
Exploits 0 | References 2 | Affected Software 1

Prion
added 2023/02/02 9:15 a.m. | 20 views

Command injection

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 8.3 | AI score 9.8 | EPSS 0.00919
Exploits 1 | References 2 | Affected Software 1

Prion
added 2023/02/02 9:15 a.m. | 14 views

Design/Logic Flaw

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...

CVSS 2.6 | AI score 9.2 | EPSS 0.00251
Exploits 1 | References 3 | Affected Software 1

Prion
added 2023/02/01 5:15 p.m. | 38 views

Memory corruption

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfgop.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 7.8 | AI score 7.6 | EPSS 0.00281
Exploits 1 | References 2 | Affected Software 1

Prion
added 2023/02/01 2:15 p.m. | 25 views

Command injection

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The...

CVSS 9 | AI score 9.1 | EPSS 0.02856
Exploits 1 | References 2 | Affected Software 1

Prion
added 2023/02/01 2:15 p.m. | 14 views

Buffer overflow

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.8 | AI score 7.7 | EPSS 0.00298
Exploits 0 | References 2 | Affected Software 1

Prion
added 2023/01/29 6:15 p.m. | 15 views

SQL injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\paymentoperation.php. The manipulation of the argument bookingid leads to sql injection. It is possible to initiate...

CVSS 6.5 | AI score 9.7 | EPSS 0.00291
Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/01/28 4:10 p.m. | 104 views

CVE-2023-0560

CVE-2023-0560 affects SourceCodester Online Tours & Travels Management System 1.0. The vulnerability is in the file admin/practice_pdf.php where manipulating the numeric parameter leads to SQL injection. The issue can be exploited remotely and has been publicly disclosed. Multiple sources confir...

CVSS 7.2 | AI score 6.1 | EPSS 0.00317
Exploits 1 | References 3 | Affected Software 1

NVD
added 2023/01/27 11:15 a.m. | 12 views

CVE-2023-0532

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapproveuser.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVSS 5.8 | AI score 5.3 | EPSS 0.00242
Exploits 1 | References 3

Prion
added 2023/01/27 11:15 a.m. | 19 views

SQL injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expensereport.php. The manipulation of the argument todate leads to sql injection. It is possible to initiate the attack...

CVSS 5.8 | AI score 5.4 | EPSS 0.00242
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/01/27 10:42 a.m. | 6 views

CVE-2023-0533 SourceCodester Online Tours & Travels Management System expense_report.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expensereport.php. The manipulation of the argument fromdate leads to sql injection. The attack...

CVSS 5.8 | AI score 7.3 | EPSS 0.00242
Exploits 1 | References 3

NVD
added 2023/01/15 12:15 p.m. | 9 views

CVE-2023-0305

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file adminclass.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely...

CVSS 7.5 | AI score 7 | EPSS 0.0027
Exploits 1 | References 3

Prion
added 2023/01/15 12:15 p.m. | 16 views

SQL injection

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file adminclass.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely...

CVSS 6.5 | AI score 8 | EPSS 0.0027
Exploits 1 | References 3

Prion
added 2023/01/12 3:15 p.m. | 19 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVSS 4 | AI score 5.3 | EPSS 0.0025
Exploits 1 | References 3 | Affected Software 1

OSV
added 2022/12/27 3:15 p.m. | 22 views

CVE-2022-4728

A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 5.4 | AI score 5.2
Exploits 0 | References 4