3164 matches found

OSV
added 2024/05/30 4:15 p.m. · 2 views

CVE-2024-35345

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting...

5.4 CVSS · 5.2 AI score
Exploits 0 · References 1
CVE
added 2024/05/30 4:8 p.m. · 73 views

CVE-2024-35352

Diño Physics School Assistant 2.3 is affected by a cross-site scripting (XSS) vulnerability in the code path /classes/Users.php?f=save. The issue is triggered by manipulating the middlename parameter, enabling XSS as described in multiple sources. CVSS 3.1 metrics indicate NETWORK attack vector w...

6.1 CVSS · 6.7 AI score · 0.00405 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-26442 · Anpviz · Anpviz

Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower
Description: The issue allows unauthenticated users to download the running configuration of the device via an HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...

7.5 CVSS · 6.9 AI score · 0.00341 EPSS
Exploits 0 · References 3
CVE
added 2024/05/26 10:31 a.m. · 50 views

CVE-2024-5360

PHPGurukul Zoo Management System 2.1 contains a SQL injection in /admin/foreigner-bwdates-reports-details.php via the fromdate parameter. The vulnerability allows remote exploitation and has been publicly disclosed. Several sources corroborate impact and scope but do not provide an available fix/...

9.8 CVSS · 6.9 AI score · 0.00096 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/05/26 12:0 a.m. · 4 views

PT-2024-35783 · Unknown · Phpgurukul Zoo Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 2.1
Description: A critical issue has been found in the PHPGurukul Zoo Management System, affecting the /admin/foreigner-search.php file. The manipulation of the searchdata argument leads to SQL...

9.8 CVSS · 7.1 AI score · 0.0008 EPSS
Exploits 0 · References 7
OSV
added 2024/05/23 5:15 a.m. · 3 views

CVE-2024-5236

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to SQL injection. The attack can be...

6.5 CVSS · 6.4 AI score · 0.00095 EPSS
Exploits 1 · References 4
OSV
added 2024/05/22 8:15 p.m. · 1 views

CVE-2024-4267

A remote code execution (RCE) vulnerability exists in parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...

9.8 CVSS · 8.9 AI score
Exploits 0 · References 1
CVE
added 2024/05/22 7:29 p.m. · 63 views

CVE-2024-4267

The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file (open file) function. The root cause is improper neutralization of elements in a user-controlled file path used by subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...

9.8 CVSS · 8.9 AI score · 0.0172 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/20 12:0 a.m. · 2 views

PT-2024-34532 · Campcodes · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0
Description: A critical issue affects the processing of the file /view/student profile1.php, where the manipulation of the std index argument leads to SQL injection. The attack...

6.5 CVSS · 7.1 AI score · 0.00052 EPSS
Exploits 1 · References 7
Packet Storm
added 2024/05/20 12:0 a.m. · 330 views

Tenant Limited 1.0 SQL Injection

Titles: TENANT-LIMITED-1.0 SQLi
Author: nu11secur1ty
Date: 05/20/2024
Vendor: https://mayurik.com/
Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html
Reference: https://portswigger.net/web-security/sql-injection
Description: The username parameter...

7.4 AI score
Exploits 0
OSV
added 2024/05/16 9:15 a.m. · 1 views

CVE-2024-4321

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

7.5 CVSS · 7.4 AI score
Exploits 0 · References 1
CNNVD
added 2024/05/16 12:0 a.m. · 2 views

ChuanhuChatGPT Input Validation Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. An input validation error vulnerability exists in ChuanhuChatGPT version 20240310, which stems from improper input validation when handling file paths during chat log uploads, and...

7.5 CVSS · 7.5 AI score · 0.00358 EPSS
Exploits 2 · References 2
NVD
added 2024/05/15 4:15 p.m. · 8 views

CVE-2024-3318

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources...

4.2 CVSS · 4.5 AI score · 0.00159 EPSS
Exploits 0 · References 1
Cvelist
added 2024/05/15 3:49 p.m. · 13 views

CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources...

4.2 CVSS · 4.8 AI score · 0.00159 EPSS
Exploits 0 · References 1
CVE
added 2024/05/15 3:49 p.m. · 28 views

CVE-2024-3318

The CVE-2024-3318 issue affects SailPoint’s DelimitedFileConnector Cloud Connector. A file path traversal vulnerability allows an authenticated administrator to set arbitrary connector attributes (including the file attribute), which can enable access to files uploaded for other sources. The avai...

4.2 CVSS · 6.7 AI score · 0.00159 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/05/15 3:49 p.m. · 7 views

CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability

A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources...

4.2 CVSS · 6.8 AI score · 0.00159 EPSS
Exploits 0 · References 1
NVD
added 2024/05/14 4:16 p.m. · 12 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

6.1 CVSS · 6.2 AI score · 0.00069 EPSS
Exploits 0 · References 1
OSV
added 2024/05/14 4:16 p.m. · 2 views

CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...

4.4 CVSS · 5.8 AI score · 0.00069 EPSS
Exploits 0 · References 1
OSV
added 2024/05/14 3:44 p.m. · 2 views

CVE-2024-4720

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approvepettycash.php. The manipulation of the argument adminindex leads to cross site scripting. The...

6.1 CVSS · 3.6 AI score
Exploits 0 · References 4
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Dell PowerScale OneFS Security Vulnerability

Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS (network attached storage) solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...

6.1 CVSS · 6.7 AI score · 0.00069 EPSS
Exploits 0 · References 3