CVE-2024-10478 LinZhaoguan pb-cms Edit Article edit cross site scripting
A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. This issue affects some unknown processing of the file /adminarticle/edit?id=2 of the component Edit Article Handler. The manipulation leads to cross site scripting. The attack may be initiated...
CVE-2024-10409
CVE-2024-10409 affects code-projects Blood Bank Management 1.0. The issue resides in the /file/accept.php handler, where manipulation of the query parameter reqid enables an SQL injection. The vulnerability is described as exploitable remotely and is publicly disclosed in multiple feeds, with no ...
CVE-2024-10406
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/editfuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched...
CVE-2024-10372
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an...
CVE-2024-10372
CVE-2024-10372 — chidiwilliams buzz 1.1.0 is affected through the function download_model in buzz/model_loader.py, where misuse creates an insecure temporary file. Attacks can be launched locally with high attack complexity and minimal privileges, and the vulnerability has been publicly disclosed...
CVE-2024-10300 PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. Th...
CVE-2024-10292
A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2024-10293
CVE-2024-10293 affects ZZCMS 2023. The vulnerable component is Ebak_SetGotoPak in 3/Ebbak5.1/upload/class/functions.php. The issue arises from manipulating the file parameter, enabling unrestricted file upload and potentially remote exploitation. Public disclosure of the exploit is indicated in m...
CVE-2024-10290
Summary of details (CVE-2024-10290): The vulnerability affects ZZCMS 2023, specifically an issue in the file path 3/qq-connect2.0/API/com/inc.php. The underlying effect is information disclosure, with the attack described as exploitable remotely. The public release of the exploit is noted in mult...
CVE-2024-10279 ESAFENET CDG PrintPolicyService.java sql injection
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10278
CVE-2024-10278 affects ESAFENET CDG 5, specifically the ReUserOrganiseService.java path (/com/esafenet/servlet/user/ReUserOrganiseService.java). The vulnerability is a SQL injection triggered by manipulating the userId parameter, allowing remote initiation. Multiple sources confirm exploitation/p...
CVE-2024-10198
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /managecustomer.php of the component Manage Customer Page. The manipulation of the argument suppliersname/address...
CVE-2024-10199 code-projects Pharmacy Management System Manage Medicines Page manage_medicine.php cross site scripting
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument...
CVE-2024-10191 PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is...
CVE-2024-10137
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-10122
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the...
CVE-2024-10120 wfh45678 Radar upload unrestricted upload
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
PT-2024-9995 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9
Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...
CVE-2024-9952 SourceCodester Online Eyewear Shop Contact Information Page contact_info cross site scripting
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=systeminfo/contactinfo of the component Contact Information Page. The manipulation of the argument Address leads to cross site...