
2495 matches found

Prion
added 2023/09/29 4:15 p.m. | 15 views

Sql injection

A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtmltaglistaction.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVSS 6.5 | AI score 7.3 | EPSS 0.00504
Exploits 1 | References 3 | Affected Software 1

Prion
added 2023/09/29 3:15 p.m. | 24 views

Sql injection

A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/stafftransfer/delete.php. The manipulation of the argument TRANSFERID leads to sql injection. The exploit has been disclosed to t...

CVSS 5.2 | AI score 9.6 | EPSS 0.00785
Exploits 1 | References 3 | Affected Software 1

CVE
added 2023/09/29 2:0 p.m. | 45 views

CVE-2023-5263

The CVE concerns ZZZCMS 2.1.7. It targets the restore function in the Database Backup File Handler’s /admin/save.php, where improper handling leads to permission issues. The vulnerability can be exploited remotely, and public disclosures exist (exploit has been disclosed). Affected component: Dat...

CVSS 8.8 | AI score 7.5 | EPSS 0.00643
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/09/29 1:31 p.m. | 27 views

CVE-2023-5262 OpenRapid RapidCMS uploadicon.php isImg unrestricted upload

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The...

CVSS 6.5 | AI score 9 | EPSS 0.00639
Exploits 1 | References 4

Prion
added 2023/09/29 12:15 p.m. | 26 views

Sql injection

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to sql injection. The exploit has been disclosed to the public and may...

CVSS 5.2 | AI score 9.7 | EPSS 0.00785
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/09/25 7:20 p.m. | 39 views

CVE-2022-4244 Codehaus-plexus: directory traversal

A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...

CVSS 7.5 | AI score 6.5 | EPSS 0.01347
Exploits 0 | References 4

Prion
added 2023/09/25 2:15 a.m. | 25 views

Sql injection

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack m...

CVSS 6.5 | AI score 6.9 | EPSS 0.06994
Exploits 1 | References 4 | Affected Software 1

OSV
added 2023/09/18 5:15 a.m. | 12 views

CVE-2023-5033

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 7.2 | AI score 7.6
Exploits 0 | References 3

NVD
added 2023/09/18 4:15 a.m. | 10 views

CVE-2023-5032

A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/article/article-edit-run.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 7.2 | AI score 6.8 | EPSS 0.00539
Exploits 1 | References 3

Prion
added 2023/09/18 2:15 a.m. | 11 views

Sql injection

A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

CVSS 6.5 | AI score 6.9 | EPSS 0.00421
Exploits 1 | References 3 | Affected Software 1

Prion
added 2023/09/17 10:15 p.m. | 18 views

Sql injection

A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The...

CVSS 5.2 | AI score 8.9 | EPSS 0.00588
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2023/09/17 4:0 a.m. | 23 views

CVE-2023-5019 Tongda OA delete.php sql injection

A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staffreinstatement/delete.php. The manipulation of the argument REINSTATEMENTID leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 6.5 | AI score 10 | EPSS 0.00697
Exploits 1 | References 3

NVD
added 2023/09/16 9:15 p.m. | 21 views

CVE-2023-5012

A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\Program Files\Topaz OFD\Warsaw\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requiremen...

CVSS 7.8 | AI score 6 | EPSS 0.00194
Exploits 0 | References 2

NVD
added 2023/09/15 2:15 p.m. | 5 views

CVE-2023-4984

A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit ha...

CVSS 6.5 | AI score 5.1 | EPSS 0.00524
Exploits 1 | References 4

Cvelist
added 2023/09/15 1:31 p.m. | 12 views

CVE-2023-4984 didi KnowSearch 1 credentials storage

A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit ha...

CVSS 4.3 | AI score 6.8 | EPSS 0.00524
Exploits 1 | References 4

CVE
added 2023/09/13 12:29 p.m. | 43 views

CVE-2023-36634

FortiAP-U CVE-2023-36634 applies to FortiAP-U versions 5.4–7.0.0 and 6.0–6.2.5, due to incomplete filtering of special elements (CWE-792) in the command line interpreter. An authenticated attacker could list and delete arbitrary files/directories via specially crafted command arguments. The impac...

CVSS 8.8 | AI score 8.6 | EPSS 0.00519
Exploits 0 | References 1 | Affected Software 1

Prion
added 2023/09/09 1:15 p.m. | 21 views

Sql injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 6.5 | AI score 9.7 | EPSS 0.00649
Exploits 1 | References 3 | Affected Software 1

CVE
added 2023/09/09 12:31 p.m. | 52 views

CVE-2023-4852

CVE-2023-4852 affects IBOS OA 4.5.5. The vulnerability originates from the handling of the file parameter at ?r=dashboard/database/optimize, enabling SQL injection. It can be exploited remotely; the exploit has been disclosed publicly. Multiple connected sources corroborate the issue and tie it ...

CVSS 9.8 | AI score 7.4 | EPSS 0.00649
Exploits 1 | References 3 | Affected Software 1

NVD
added 2023/09/09 12:15 p.m. | 20 views

CVE-2023-4850

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVSS 9.8 | AI score 7.4 | EPSS 0.00649
Exploits 1 | References 3

Prion
added 2023/09/07 8:15 p.m. | 18 views

Input validation

A vulnerability in the Embedded Service Router ESR of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid...

CVSS 4 | AI score 6.6 | EPSS 0.00185
Exploits 0 | References 1 | Affected Software 1