7208 matches found

WPVulnDB
added 2023/11/24 12:00 a.m. · 23 views

BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal

Description: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

CVSS 8.7 · AI score 6.8 · EPSS 0.00926
Exploits 1 · References 1 · Affected Software 1
Prion
added 2023/11/14 10:15 p.m. · 11 views

SQL injection

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter...

CVSS 5 · AI score 8.1 · EPSS 0.01079
Exploits 4 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/14 12:00 a.m. · 8 views

CVE-2023-46024

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter...

AI score 7.8 · EPSS 0.01079
Exploits 4 · References 1
Cvelist
added 2023/11/14 12:00 a.m. · 19 views

CVE-2023-46024

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter...

AI score 8.1 · EPSS 0.01079
Exploits 4 · References 1
CVE
added 2023/11/14 12:00 a.m. · 61 views

CVE-2023-46024

The CVE-2023-46024 entry concerns the phpgurukul Teacher Subject Allocation Management System 1.0. Affected software/component: index.php in the application. Vulnerable vector: the searchdata parameter, where insufficient validation protection enables SQL injection. Root cause: lack of input vali...

CVSS 7.5 · AI score 7.8 · EPSS 0.01079
Exploits 4 · References 1 · Affected Software 1
NVD
added 2023/11/13 10:15 p.m. · 17 views

CVE-2023-46015

Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...

CVSS 6.1 · EPSS 0.00471
Exploits 3 · References 1
Cvelist
added 2023/11/13 12:00 a.m. · 21 views

CVE-2023-46015

Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...

AI score 6.2 · EPSS 0.00471
Exploits 3 · References 1
NVD
added 2023/11/10 3:15 p.m. · 7 views

CVE-2023-6075

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack...

CVSS 6.1 · EPSS 0.00491
Exploits 0 · References 2
Veracode
added 2023/11/09 6:35 a.m. · 20 views

Improper Authorization

prestashop/blockreassurance is vulnerable to Improper Authorization. The vulnerability arises due to a lack of validation during an image file check. While adding a block, an attacker can potentially enter the path of any file in the project instead of the image. When deleting the block, the file...

CVSS 8.1 · AI score 7 · EPSS 0.00771
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2023/11/07 8:37 p.m. · 25 views

CVE-2023-46679 Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtunameemail' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 10 · EPSS 0.00831
Exploits 1 · References 2
OSV
added 2023/11/03 12:15 p.m. · 1 view

CVE-2023-4592

A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...

CVSS 6.1 · AI score 5.7 · EPSS 0.00424
Exploits 0 · References 1
NVD
added 2023/11/03 12:15 p.m. · 13 views

CVE-2023-4592

A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an...

CVSS 6.1 · AI score 6 · EPSS 0.00424
Exploits 0 · References 1
NVD
added 2023/11/02 7:15 p.m. · 9 views

CVE-2023-5923

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...

CVSS 7.5 · AI score 6.6 · EPSS 0.00533
Exploits 1 · References 3
Prion
added 2023/11/01 7:15 p.m. · 15 views

SQL injection

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVSS 7.5 · AI score 9.7 · EPSS 0.01163
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/11/01 12:00 a.m. · 12 views

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

AI score 8.6 · EPSS 0.01163
Exploits 1 · References 1
OSV
added 2023/10/26 6:15 p.m. · 1 view

CVE-2023-5794

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack...

CVSS 9.8 · AI score 5.7
Exploits 0 · References 3
Cvelist
added 2023/10/26 5:00 p.m. · 17 views

CVE-2023-5794 PHPGurukul Online Railway Catering System Login index.php sql injection

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack...

CVSS 7.5 · AI score 10 · EPSS 0.00711
Exploits 1 · References 3
Positive Technologies
added 2023/10/26 12:00 a.m. · 3 views

PT-2023-32332 · Unknown · Phpgurukul Online Railway Catering System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Railway Catering System version 1.0 Description: A critical issue was found in the Login component of the PHPGurukul Online Railway Catering System. The manipulation of the username argument leads to SQL injection. This issu...

CVSS 9.8 · AI score 8 · EPSS 0.00711
Exploits 1 · References 8
OSV
added 2023/10/21 1:15 a.m. · 4 views

CVE-2023-46003

I-doit pro 25 and below is vulnerable to Cross Site Scripting XSS via index.php...

CVSS 5.4 · AI score 5.8 · EPSS 0.00517
Exploits 1 · References 3
NVD
added 2023/10/21 1:15 a.m. · 22 views

CVE-2023-46003

I-doit pro 25 and below is vulnerable to Cross Site Scripting XSS via index.php...

CVSS 5.4 · AI score 5.3 · EPSS 0.00517
Exploits 1 · References 3