CVE-2024-10672
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...
CVE-2024-10672
CVE-2024-10672: The Multiple Page Generator Plugin – MPG for WordPress is vulnerable to directory traversal that enables authenticated attackers with editor-level access (and higher) to delete limited server files. Affected versions are
CVE-2024-51093
CVE-2024-51093 is a Stored XSS vulnerability in Snipe-IT 7.0.13 where an attacker can upload a malicious XML file containing JavaScript. The payload can execute in the victim’s browser and, as described across sources, may enable privilege escalation to a super admin. Affected component is the fi...
CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...
CVE-2024-10625
CVE-2024-10625 affects the WooCommerce Support Ticket System plugin for WordPress. It enables unauthenticated deletion of arbitrary files via delete_tmp_uploaded_file() due to insufficient path validation in versions up to 17.7, with potential remote code execution when critical files (e.g., wp-c...
Wazifa System control.php File SQL Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...
Directory Traversal
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processingutils.asyncmovefilestocache function. An attacker can read arbitrary...
CVE-2024-10757
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/jsdata.php. The manipulation of the argument scripts leads t...
PT-2024-16565 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: A vulnerability was found in the PHPGurukul Hospital Management System, affecting some unknown processing of the file hms/doctor/search.php. The manipulation of the argument...
CVE-2024-10745
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/deferredtable.php. The manipulation of the argument scripts leads to...
PT-2024-16506 · Unknown · Wazifa System
Name of the Vulnerable Software and Affected Versions: Wazifa System version 1.0 Description: A critical issue affects the processing of the file /controllers/control.php, where the manipulation of the argument leads to sql injection. The attack may be initiated remotely. The exploit has been...
PT-2024-16508 · Unknown · Datatables +1
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/comple...
EsafeNet CDG SQL Injection Vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG v5, which originates from the parameter id of the file /com/esafenet/servlet/system/HookInvalidCourseService.java that can lead to SQL injection...
CVE-2024-50801
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/collections.php. The vulnerability is exploitable via the id parameter...
PT-2024-16396 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 up to 11.7 Description: A problematic issue has been found in Tongda OA, affecting some unknown processing of the file /inc/package static resources.php. This leads to resource consumption and can be initiated remotely. The iss...
Code-Projects Blood Bank Management System Cross-Site Request Forgery Vulnerability
Code-Projects Blood Bank Management System is a Code-Projects open source blood bank management system. A cross-site request forgery vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which originates from a cross-site request forgery vulnerability contained in the fi...
PT-2024-9013
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Red Hat products affected versions not specified Description: A vulnerability was found in Keycloak, allowing a user with high privileges to read sensitive information from a Vault file that is not...
PHPGurukul IFSC Code Finder Project Security Vulnerability
PHPGurukul IFSC Code Finder Project is an IFSC code finder project from PHPGurukul. A security vulnerability exists in version v1.0 of the PHPGurukul IFSC Code Finder Project, which originates from a reflected cross-site scripting vulnerability contained in the searchifsccode parameter in the...
Insecure Temporary File
Overview: Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp function, which carries a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity f...