CVE-2023-7156

CVE-2023-7156 affects Campcodes Online College Library System v1.0, specifically the Search component’s index.php. The vulnerability arises from unsafely handling the category parameter, allowing SQL injection. This can be triggered remotely, and public disclosures exist (VDB-249178). Multiple so...

CVE-2023-7111 code-projects Library Management System index.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2023-7111 code-projects Library Management System index.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

Cross site scripting

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input alert5 leads to cross site scripting. The attack c...

CVE-2023-6649 PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input alert5 leads to cross site scripting. The attack c...

Cross site scripting

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit...

Design/Logic Flaw

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to...

CVE-2023-6618 SourceCodester Simple Student Attendance System index.php file inclusion

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to...

CVE-2023-6618

CVE-2023-6618 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability is a file Inclusion in the file index.php caused by improper handling of the page (argument) parameter. Publicly disclosed exploit implies potential arbitrary file inclusion. Affected functionality is uns...

CVE-2023-6618 SourceCodester Simple Student Attendance System index.php file inclusion

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to...

CVE-2023-5008 Student Information System v1.0 - Unauthenticated SQL Injection

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control...

CVE-2023-5008

CVE-2023-5008 affects the Student Information System v1.0. The unauthenticated SQL injection flaw is in the regno parameter of index.php, allowing an external attacker to dump all database contents and bypass login. CVSS v3.1: 9.8 (Network, Low attack complexity, No privileges, No user interactio...

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...

Cross site scripting

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...

VulnCheck KEV: CVE-2019-12593

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal...