CVE-2024-35219
A flaw was found in OpenAPI Generator, which allows the automatic generation of API client libraries (for example, SDK generation), server stubs, documentation, and configuration given an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete...
CVE-2024-5395
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-5383
A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-5379
CVE-2024-5379 is a cross-site scripting (XSS) vulnerability affecting JFinalCMS up to 20240111. The issue arises from manipulating the directory argument of the file under /admin/template, leading to XSS. The vulnerability can be exploited remotely and the exploit has been publicly disclosed. Mu...
CVE-2024-5371
A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submitenrollstudent.php. The manipulation of the argument classname leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2024-5359
CVE-2024-5359 affects PHPGurukul Zoo Management System v2.1, with a SQL injection in /admin/foreigner-search.php via the searchdata parameter. Exploitation appears remote and publicly disclosed. Connected sources corroborate the file and parameter as the entry point; no official patch/version det...
CVE-2024-5338
A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been classified as critical. Affected is an unknown function of the file /view/vpn/autovpn/online.php. The manipulation of the argument peernode leads to os command injection. It is possible to launch the attack remotely. The explo...
CVE-2024-5310
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
CVE-2024-5135 PHPGurukul Directory Management System index.php sql injection
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has...
CVE-2024-5050 Wangshen SecGate 3600 ?g=log_import_save unrestricted upload
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated...
CVE-2024-4966
A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-4964
UNSUPPORTED WHEN ASSIGNED: A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated...
CVE-2024-4904
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument webimg leads to unrestricted upload. The attack may be initiated...
CVE-2024-4903 Tongda OA delete.php sql injection
A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument MIDSTR leads to sql injection. The attack can be initiated remotely. The exploit has been disclos...
CVE-2024-4820
CVE-2024-4820 affects SourceCodester Online Computer and Laptop Store 1.0. The vulnerability resides in the file /classes/SystemSettings.php?f=update_settings, allowing unrestricted (remote) upload. This has been publicly disclosed and is classified as high severity by NVD/CNA sources, with pract...
CVE-2024-4797
CVE-2024-4797 affects Campcodes Online Laundry Management System 1.0. The vulnerability resides in the /ajax.php endpoint where the arguments name/customer_name/username can be manipulated to trigger cross-site scripting. Exploitation can be performed remotely, and public exploitation informa...
CVE-2024-4737 Campcodes Legal Case Management System vendor cross site scripting
A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vendor. The manipulation of the argument companyname/mobile leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2024-4731 Campcodes Legal Case Management System role cross site scripting
A vulnerability classified as problematic was found in Campcodes Legal Case Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/role. The manipulation of the argument slug leads to cross site scripting. The attack can be launched remotely. The...
CVE-2024-4729
CVE-2024-4729 affects Campcodes Legal Case Management System 1.0. The vulnerability is a cross-site scripting flaw caused by manipulation of the name argument in /admin/expense-type. It may be exploited remotely. Some sources indicate exploitation was disclosed. There is no vendor-provided patch ...