Lucene search
K

92 matches found

CNNVD
CNNVD
added 2024/01/11 12:0 a.m.4 views

ForU CMS Authorization Issues Vulnerability

ForU CMS is a website builder system of ForU open source. ForU CMS 2020-06-23 and earlier versions of the authorization problem vulnerability , the vulnerability stems from the file /admin/index.php there are arbitrary administrator password reset vulnerability...

7.5CVSS7AI score0.00742EPSS
Exploits1References4
OSV
OSV
added 2023/07/25 12:15 a.m.4 views

CVE-2023-3873

A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The...

7.5CVSS5.7AI score0.00654EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.6 views

Campcodes Beauty Salon Management System SQL注入漏洞

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown part of /admin/index.php, which leads to a sql injection via the parameter...

7.5CVSS7.5AI score0.00654EPSS
Exploits1References5
OSV
OSV
added 2023/07/17 12:15 a.m.1 views

CVE-2023-3694

A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be...

9.8CVSS5.7AI score0.00655EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/15 12:0 a.m.4 views

Faculty Evaluation System SQL注入漏洞

Faculty Evaluation System is a faculty evaluation system by the individual developer Carlo Montero. A security vulnerability exists in version v1.0 of the Sourcecodester Faculty Evaluation System, which stems from an SQL injection in /eval/index.php?page=editfaculty&id=...

7.2CVSS7.2AI score0.00756EPSS
Exploits1References2
OSV
OSV
added 2022/12/02 8:15 p.m.6 views

CVE-2022-44944

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Announcement function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

5.4CVSS5.9AI score0.01049EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.5 views

Book Store Management System 跨站脚本漏洞

Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates in the booktitle parameter of its /bsmsci/index.php/book component, allowing an attacker to execute arbitrar...

6.1CVSS6.6AI score0.00484EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/22 12:0 a.m.4 views

Google KFM 跨站脚本漏洞

Google KFM is an ajax file browser and manager from Google, Inc. A security vulnerability exists in Google KFM that stems from a cross-site scripting XSS vulnerability that can be triggered via a crafted GET request to /kfm/index.php...

6.1CVSS5.9AI score0.01346EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.5 views

PT-2022-23240 · Wuzhicms · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: Wuzhicms version 4.1.0 Description: A directory traversal issue was found in Wuzhicms via the /coreframe/app/attachment/admin/index.php endpoint. Recommendations: For Wuzhicms version 4.1.0, consider restricting access to the...

2.7CVSS3.6AI score0.00847EPSS
Exploits1References6
OSV
OSV
added 2022/06/17 2:15 p.m.2 views

CVE-2022-31355

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=...

9.8CVSS5.8AI score0.01026EPSS
Exploits1References1
OSV
OSV
added 2022/06/02 4:15 p.m.5 views

CVE-2022-32017

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle...

7.2CVSS5.8AI score0.00946EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-30817

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php...

9.8CVSS5.9AI score0.01081EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

PbootCMS 跨站请求伪造漏洞

PbootCMS is PbootCMS individual developers of an open source enterprise website content management system CMS developed using the PHP language. A security vulnerability exists in PbootCMS v2.0.3, which can be exploited by an attacker to view the added system administrators via the...

8.8CVSS7.9AI score0.00508EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/11 1:15 p.m.4 views

CVE-2022-29316

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch...

9.8CVSS5.9AI score0.03139EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.5 views

Masa CMS 路径遍历漏洞

Masa CMS is a digital experience platform from MasaCMS. A security vulnerability exists in Masa CMS version 7.2.1, which stems from a path traversal vulnerability due to a lack of escaping for path parameters in /index.cfm/api/asset/image/...

7.5CVSS7.3AI score0.04609EPSS
Exploits1References5
OSV
OSV
added 2022/04/26 9:15 p.m.4 views

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting XSS vulnerability via index.php?m=home&c=message&a=add...

5.4CVSS5.7AI score0.00582EPSS
Exploits1References2
OSV
OSV
added 2022/04/08 9:15 a.m.5 views

CVE-2022-27346

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS7.6AI score0.02539EPSS
Exploits3References3
OSV
OSV
added 2021/12/27 9:15 p.m.5 views

CVE-2020-20945

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

8.8CVSS5.8AI score0.00555EPSS
Exploits1References2
OSV
OSV
added 2021/12/27 9:15 p.m.6 views

CVE-2020-20944

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

9.1CVSS5.8AI score0.01958EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/08/05 12:0 a.m.4 views

The vulnerability in the implementation of the /app/system/column/admin/index.class.php script of the Metinfo CMS system allows a perpetrator to increase their privileges.

The vulnerability of the /app/system/column/admin/index.class.php implementation in the Metinfo CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

5.3CVSS7.7AI score0.02101EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder