CVE-2023-49453
Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php...
CVE-2024-28816
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...
CVE-2024-28816
The CVE identifies a SQL injection in the Student Information Chatbot a0196ab, exposed via the login username parameter in index.php. The underlying flaw is unsanitized user input passed to a SQL query in the login function, enabling potential unauthorized access or data exposure. Exploitation st...
CVE-2024-2282
A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated...
CVE-2024-2282 boyiddha Automated-Mess-Management-System Login Page index.php sql injection
A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated...
CVE-2024-2281 boyiddha Automated-Mess-Management-System Setting index.php access control
A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated...
BIT-LIVEHELPERCHAT-2022-1191
SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96...
CVE-2024-2155
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...
CVE-2024-2155
The CVE-2024-2155 vulnerability affects SourceCodester Best POS Management System 1.0 and involves an index.php file inclusion: manipulating the page argument enables potential inclusion of local files. Multiple connected sources confirm this is a remote-vector issue with unknown specifics about ...
Petrol Pump Management Software 1.0 SQL Injection
Exploit Title: SQL Injection vulnerability in Petrol Pump Management Software v.1.0. Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version:...
CVE-2023-49544
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customersupport/index.php...
Sql injection
SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component...
CVE-2024-2077 SourceCodester Simple Online Bidding System index.php sql injection
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument categoryid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-27746
SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component...
CVE-2024-1970 SourceCodester Online Learning System V2 index.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...
Simple School Managment System SQL Injection Vulnerability (CNVD-2024-14038)
Simple School Managment System is a simple open-source school management system from Code-projects. Simple School Managment System version 1.0 has a SQL injection vulnerability that stems from the application's lack of validation of externally supplied SQL statements; an attacker can exploit the...
PT-2024-18460 · Unknown · Sourcecodester Online Learning System V2
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Learning System V2 version 1.0 Description: A problematic issue was found in the software, affecting an unknown function of the file /index.php. The manipulation of the page argument leads to cross-site scripting. It is...
CVE-2024-25304
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."...