Cross site scripting
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...
CVE-2022-4640
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the...
Heap overflow
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to...
SQL injection
A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajaxrepresent.php. The manipulation of the argument customerid leads to sql injection. The attack can be initiated remotely. The exploit has been...
Information disclosure
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has be...
CVE-2022-4249
A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Affected is an unknown function of the component POST Request Handler. The manipulation of the argument ORDER_ID leads to cross site scripting. It is possible to launch the attack remotely. The exploit...
SQL injection
A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
Cross site scripting
A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtinecho of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2022-4249
CVE-2022-4249 affects the Movie Ticket Booking System. Affected component: POST Request Handler. Root cause: manipulation of the ORDER_ID argument leads to a Cross-Site Scripting (XSS) vulnerability. Impact: allows remote exploitation; attacker can inject script via ORDER_ID. Public exploit/usage...
CVE-2022-4246
CVE-2022-4246 affects Kakao PotPlayer, specifically an unknown portion of the MID File Handler. The available documents report a denial-of-service condition that can be triggered remotely and note that the exploit has been disclosed publicly. No concrete affected versions or remediation are provi...
Command injection
A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to t...
CVE-2022-4222
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajaxinvoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiate...
CVE-2022-4052
A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2022-4053
CVE-2022-4053 affects the Student Attendance Management System. The vulnerability is in the createClass.php file, where manipulating the className argument can trigger a cross-site scripting (XSS) flaw. The issue is exploitable remotely, and the exploit has been disclosed publicly (VDB-213846). C...
CVE-2022-4012
A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument ptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publ...
CVE-2022-4011
CVE-2022-4011 affects the WordPress Simple History Plugin, specifically the Header Handler. The issue arises from manipulation of the X-Forwarded-For argument, causing improper output neutralization in logs. The vulnerability is exploitable remotely and has been disclosed publicly. Several connec...
SQL injection
A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit h...
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...
CVE-2022-3948 eolinker goku_lite getList sql injection
A vulnerability classified as critical was found in eolinker goku_lite. This vulnerability affects unknown code of the file /plugin/getList. The manipulation of the argument route/keyword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and...
CVE-2022-3810
A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4File::AP4File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been...