
2494 matches found

NVD
added 2024/11/04 5:15 a.m. | 14 views

CVE-2024-10760

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS: 7.5 | EPSS: 0.00446
Exploits: 1 | References: 5
Vulnrichment
added 2024/11/04 5:0 a.m. | 13 views

CVE-2024-10761 Umbraco CMS Dashboard frame cross site scripting

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is...

CVSS: 6.9 | AI score: 4.4 | EPSS: 0.00559
Exploits: 1 | References: 5
NVD
added 2024/11/04 3:15 a.m. | 17 views

CVE-2024-10756

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/htmltable.php. The manipulation of the argument scripts leads to cross...

CVSS: 6.1 | EPSS: 0.00393
Exploits: 1 | References: 5
NVD
added 2024/11/04 3:15 a.m. | 23 views

CVE-2024-10754

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unittesting/templates/dymanictable.php. The manipulation of the argument scripts leads to cross site...

CVSS: 6.1 | EPSS: 0.00393
Exploits: 1 | References: 5
NVD
added 2024/11/04 2:15 a.m. | 13 views

CVE-2024-10752

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS: 9.8 | EPSS: 0.00595
Exploits: 1 | References: 4
Cvelist
added 2024/11/04 1:31 a.m. | 16 views

CVE-2024-10752 Codezips Pet Shop Management System productsadd.php sql injection

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS: 7.5 | EPSS: 0.00595
Exploits: 1 | References: 4
Vulnrichment
added 2024/11/04 1:31 a.m. | 13 views

CVE-2024-10752 Codezips Pet Shop Management System productsadd.php sql injection

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00595
Exploits: 1 | References: 4
CVE
added 2024/11/03 10:31 p.m. | 42 views

CVE-2024-10744

CVE-2024-10744 affects PHPGurukul Online Shopping Portal 2.0, specifically the /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php functionality. The issue is a cross-site scripting flaw triggered by manipulating the scripts parameter, enabling remote exploitation. ...

CVSS: 6.1 | AI score: 4.1 | EPSS: 0.00367
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2024/11/03 5:15 p.m. | 11 views

CVE-2024-10738

A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS: 9.8 | EPSS: 0.00508
Exploits: 1 | References: 5
NVD
added 2024/11/01 4:15 a.m. | 14 views

CVE-2024-10616

A vulnerability classified as critical has been found in Tongda OA up to 11.9. This affects an unknown part of the file /pda/workflow/webSignSubmit.php. The manipulation of the argument saleId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed t...

CVSS: 9.8 | EPSS: 0.00543
Exploits: 1 | References: 4
NVD
added 2024/10/31 10:15 p.m. | 12 views

CVE-2024-10599

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been...

CVSS: 7.5 | EPSS: 0.00942
Exploits: 1 | References: 4
Vulnrichment
added 2024/10/31 9:31 p.m. | 8 views

CVE-2024-10599 Tongda OA 2017 package_static_resources.php resource consumption

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00942
Exploits: 1 | References: 4
CVE
added 2024/10/31 9:31 p.m. | 61 views

CVE-2024-10599

CVE-2024-10599 affects Tongda OA 2017 up to version 11.7. The vulnerability arises from improper handling of the file /inc/package_static_resources.php, leading to resource consumption that can be triggered remotely. Multiple sources confirm the issue and disclose that an exploit exists. Remediat...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00942
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2024/10/31 9:31 p.m. | 19 views

CVE-2024-10598 Tongda OA Annual Leave data.php improper authorization

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be...

CVSS: 6.9 | EPSS: 0.00517
Exploits: 1 | References: 4
NVD
added 2024/10/31 9:15 p.m. | 16 views

CVE-2024-10595

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. Th...

CVSS: 9.8 | EPSS: 0.00551
Exploits: 1 | References: 4
CVE
added 2024/10/31 1:0 a.m. | 54 views

CVE-2024-10557

The CVE-2024-10557 entry applies to code-projects Blood Bank Management System 1.0. The vulnerability is a cross-site request forgery impacting an unknown function in /file/updateprofile.php, with remote initiation and public disclosure of the exploit. Root cause is CSRF exposure in the updatepro...

CVSS: 6.9 | AI score: 4.9 | EPSS: 0.0056
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2024/10/30 2:15 a.m. | 13 views

CVE-2024-10505

A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVSS: 7.2 | EPSS: 0.00677
Exploits: 1 | References: 4
CVE
added 2024/10/29 12:49 p.m. | 289 views

CVE-2024-7774

CVE-2024-7774 describes a path traversal in langchain-ai/langchainjs v0.2.5. The getFullPath path handling is vulnerable, allowing an attacker to save files anywhere, overwrite text files, read .txt files, and delete files via unsanitized input in getFullPath and related calls (setFileContent, ge...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.00545
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/10/29 12:31 a.m. | 10 views

CVE-2024-10478 LinZhaoguan pb-cms Edit Article edit cross site scripting

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /adminarticle/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated...

CVSS: 5.1 | AI score: 6.2 | EPSS: 0.0028
Exploits: 1 | References: 3
CVE
added 2024/10/27 2:31 a.m. | 58 views

CVE-2024-10409

CVE-2024-10409 affects code-projects Blood Bank Management 1.0. The issue resides in the /file/accept.php handler, where manipulation of the query parameter reqid enables an SQL injection. The vulnerability is described as exploitable remotely and is publicly disclosed in multiple feeds, with no ...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00518
Exploits: 1 | References: 5 | Affected Software: 1