2494 matches found
CVE-2024-10406
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/editfuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched...
CVE-2024-10372
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
CVE-2024-10372
CVE-2024-10372 — chidiwilliams buzz 1.1.0 is affected through the function download_model in buzz/model_loader.py, where misuse creates an insecure temporary file. Attacks can be launched locally with high attack complexity and minimal privileges, and the vulnerability has been publicly disclosed...
CVE-2024-10300 PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. Th...
CVE-2024-10292
A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2024-10293
CVE-2024-10293 affects ZZCMS 2023. The vulnerable component is Ebak_SetGotoPak in 3/Ebak5.1/upload/class/functions.php. The issue arises from manipulating the file parameter, enabling unrestricted file upload and potentially remote exploitation. Public disclosure of the exploit is indicated in m...
CVE-2024-10290
Summary of details (CVE-2024-10290): The vulnerability affects ZZCMS 2023, specifically an issue in the file path 3/qq-connect2.0/API/com/inc.php. The underlying effect is information disclosure, with the attack described as exploitable remotely. The public release of the exploit is noted in mult...
CVE-2024-10279 ESAFENET CDG PrintPolicyService.java sql injection
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10278
CVE-2024-10278 affects ESAFENET CDG 5, specifically the ReUserOrganiseService.java path (/com/esafenet/servlet/user/ReUserOrganiseService.java). The vulnerability is a SQL injection triggered by manipulating the userId parameter, allowing remote initiation. Multiple sources confirm exploitation/p...
CVE-2024-10198
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /managecustomer.php of the component Manage Customer Page. The manipulation of the argument suppliersname/address...
CVE-2024-10199 code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument...
CVE-2024-10191 PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is...
CVE-2024-10137
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-10122
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...
CVE-2024-10120 wfh45678 Radar upload unrestricted upload
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
PT-2024-9995 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9
Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...
CVE-2024-9952 SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=systeminfo/contactinfo of the component Contact Information Page. The manipulation of the argument Address leads to cross site...
CVE-2024-9904
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely...
CVE-2024-9855
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...