CVE-2024-5360
PHPGurukul Zoo Management System 2.1 contains a SQL injection in /admin/foreigner-bwdates-reports-details.php via the fromdate parameter. The vulnerability allows remote exploitation and has been publicly disclosed. Several sources corroborate impact and scope but do not provide an available fix/...
PT-2024-35783 · Unknown · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 2.1 Description: A critical issue has been found in the PHPGurukul Zoo Management System, affecting the /admin/foreigner-search.php file. The manipulation of the searchdata argument leads to SQL...
CVE-2024-5236
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to SQL injection. The attack can be...
CVE-2024-4267
A remote code execution (RCE) vulnerability exists in parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...
CVE-2024-4267
The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file (open file) function. The root cause is improper neutralization of elements in a user-controlled file path used by subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...
PT-2024-34532 · Campcodes · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue affects the processing of the file /view/student profile1.php, where the manipulation of the std index argument leads to SQL injection. The attack...
Tenant Limited 1.0 SQL Injection
Titles: TENANT-LIMITED-1.0 SQLi Author: nu11secur1ty Date: 05/20/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter...
The vulnerability of the PowerScale OneFS operating system, related to incorrect external management of file names or paths, allows an attacker to trigger a service failure.
The vulnerability of the PowerScale OneFS operating system is related to improper external management of file names or file paths. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the FortiClient for MAC protection mechanism lies in improper external management of file names or paths, allowing attackers to execute arbitrary code.
The vulnerability of the FortiClient for MAC protection tool is related to incorrect external manipulation of the file name or file path. Exploiting this vulnerability allows an attacker to execute arbitrary code by writing the malicious file to the /tmp directory...
The vulnerability of the PHP framework Laravel, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP framework Laravel is related to insufficient protection of sensitive data during the processing of the laravel.log file storage/logs/laravel.log. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2024-4321
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...
ChuanhuChatGPT Input Validation Error Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. An input validation error vulnerability exists in ChuanhuChatGPT version 20240310, which stems from improper input validation when handling file paths during chat log uploads, and...
CVE-2024-3318
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources...
CVE-2024-3318 SailPoint Identity Security Cloud Connector File Path Traversal Vulnerability
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources...
CVE-2024-3318
The CVE-2024-3318 issue affects SailPoint’s DelimitedFileConnector Cloud Connector. A file path traversal vulnerability allows an authenticated administrator to set arbitrary connector attributes (including the file attribute), which can enable access to files uploaded for other sources. The avai...
CVE-2024-25965
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service...
CVE-2024-4720
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approvepettycash.php. The manipulation of the argument adminindex leads to cross-site scripting. The...
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS (network attached storage) solution. Dell PowerScale OneFS has an external control of file name or path vulnerability that can be exploited by an attacker to cause a denial of...