448 matches found
Car Rental System message_admin.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the messageadmin.php file's parameter Message. An attacker can use this vulnerability to execute illegal SQL commands...
Online Shoe Store cart.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter qty in the file /cart.php. The vulnerability can be exploited to execute illegal SQL...
Code-Projects Inventory Management System 安全漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the editCategoriesName parameter in the /phpaction/editCategories.php file for externally entered SQL statements. An...
Code-Projects Simple Pizza Ordering System 注入漏洞
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /addmem.php. An attacker can exploit this vulnerability to execute illegal...
PHPGurukul Hostel Management System 注入漏洞
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the Username parameter of the /includes/login-hm.inc.php file. An attacker can use this...
School Fees Payment System datatable.php File SQL Injection Vulnerability
School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter sSortDir0 in the file /datatable.php. An attacker can exploit this...
Employee Record Management System /myprofile.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter EmpCode in the file /myprofile.php. An attacker...
CVE-2021-37130
There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly valida...
CampCodes Sales and Inventory System 注入漏洞
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. The CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter Name in the file /pages/supplieradd.php for externally entered SQL...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to cause a data leak or complete database corruption...
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...
CVE-2023-40721
A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Tcpreplay vulnerabilities (USN-7231-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7231-1 advisory. It was discovered that Tcpreplay incorrectly handled memory when using the tcprewrite utility. A remote...
The vulnerability of the Addressing system’s plugin for requests, incidents, and inventory management of computer equipment in GLPI arises from the use of an external controlled input for selecting classes or codes. This allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the addressing plugin in the GLPI system for managing requests, incidents, and inventory of computer equipment is related to the use of an external controlled input for selecting classes or codes. Exploiting this vulnerability can allow a malicious actor to gain unauthorized...
TaskMatic 安全漏洞
TaskMatic is an automation assistant from TaskMatic. TaskMatic version 1.0 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
...
ROS-20240806-06
Vulnerability of ruby-find-library-file function of EMACS text editor is related to incorrect neutralization of special elements. neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the lib-src/etags.c file of th...
Tailoring Management System SQL Injection Vulnerability
Tailoring Management System is itsourcecode open source a tailoring management system . Tailoring Management System version 1.0 SQL injection vulnerability , the vulnerability stems from the parameter title lack of validation of external input SQL statements . An attacker can exploit this...
Learning Management System SQL Injection Vulnerability (CNVD-2024-35193)
Learning Management System is itsourcecode open source a learning management system . Learning Management System version 1.0 suffers from a SQL injection vulnerability , the vulnerability stems from the application lack of validation of external input SQL statements . Attackers can use this...
CVE-2024-37878
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcmsview/default,index.htm.php" PHP directly echoes parameters input from external sources...