CVE-2024-12185
CVE-2024-12185 affects Code-Projects Hotel Management System 1.0 in the Administrator Login Password Handler. The vulnerability is a stack-based buffer overflow triggered by manipulating the Str2 argument, with a local attack required. Public exploit information has been disclosed. Related adviso...
CVE-2024-12181
CVE-2024-12181 affects DedeCMS 5.7.116; the vulnerability is in the SWF File Handler component via the /member/uploads_add.php endpoint, where manipulating the mediatype argument enables cross-site scripting. The issue is exploitable remotely and affects an unknown functionality of that file. Mul...
CVE-2024-12001 code-projects Wazifa System Setting updatesettings.php cross site scripting
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to...
CVE-2024-11996
CVE-2024-11996 affects code-projects Farmacia 1.0. The vulnerability resides in /editar-fornecedor.php, where manipulating the cidade parameter leads to cross-site scripting. It can be exploited remotely, and public exploits have been disclosed. Other parameters may also be affected. Affected com...
CVE-2024-11962
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has be...
CVE-2024-11961
CVE-2024-11961 affects Guangzhou Huayi Intelligent Technology Jeewms 3.7, specifically the preHandle function in src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The issue is argument manipulation leading to information disclosure, with remote exploit potential and public disclos...
CVE-2024-11860
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=deletetenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization...
CVE-2024-11819
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgotpasswordprocess.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2024-11745 Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow
A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploi...
CVE-2024-11744 1000 Projects Portfolio Management System MCA register.php sql injection
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely...
CVE-2024-11742
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=savetenant. The manipulation of the argument lastname/firstname/middlename leads to cross...
CVE-2024-11674
CodeAstro Hospital Management System 1.0 is affected by CVE-2024-11674 due to an unrestricted file upload in the /backend/doc/his_doc_update-account.php function when manipulating the doc_dpic parameter. The vulnerability can be triggered remotely, and public exploitation details have been disclo...
CVE-2024-11492 115cms appurladd.html cross site scripting
A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-11486
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...
CVE-2024-11487
A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...
CVE-2024-11259 code-projects Farmacia fornecedores.php cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2024-11244 code-projects Farmacia editar-cliente.php sql injection
A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...
CVE-2024-11213
SourceCodester Best Employee Management System 1.0 is affected by a SQL injection in /admin/edit_role.php via the id parameter. The issue stems from improper input handling, enabling remote exploitation and has been publicly disclosed. Connected documents corroborate an SQL injection vulnerabilit...