Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion
Title: Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 ASIK LFI Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozill...
CRM Platform 1.8 Cross Site Scripting
GZ Multi Hotel Booking System 1.8 Cross Site Scripting
CVE-2023-3457
The CVE-2023-3457 entry concerns SourceCodester Shopping Website 1.0, with a vulnerability in the index.php file where manipulating the username parameter enables SQL injection. This allows remote exploitation and the exploit has been disclosed publicly. Affected component: index.php function han...
CVE-2023-3457 SourceCodester Shopping Website index.php SQL injection
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclos...
PT-2023-24927 · Unknown · Sourcecodester Shopping Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Shopping Website version 1.0. Description: A critical issue has been found, affecting an unknown function of the file index.php. The manipulation of the username argument leads to SQL injection, allowing remote attacks. The...
CVE-2020-18414
Stored cross-site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset...
PT-2023-11498 · Unknown · Chaoji Cms
Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18. Description: A stored cross-site scripting (XSS) issue in the /index.php?admin-master-article-edit endpoint of Chaoji CMS allows attackers to obtain administrator privileges. Recommendations: For Chaoji CMS version 2.18,...
CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
CVE-2020-21489
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...
Cross-site request forgery (CSRF)
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php...
CVE-2020-21366
GreenCMS v2.3 is affected by a Cross-Site Request Forgery vulnerability that lets an attacker gain privileges via the adduser function in index.php. Root cause appears to be CSRF in the user-creation flow; CVSS v3.1 base score 8.0 (HIGH) with network attack vector, low complexity and user interac...
CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...
CVE-2023-34750
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit...
CVE-2023-34756
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit...
SQL injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit...
CVE-2023-34754
Affected software: bloofox CMS 0.5.2.1. Vulnerability: SQL injection in the pid parameter of admin/index.php?mode=settings&page=plugins&action=edit. Root cause: input from pid is used in SQL without sufficient sanitization (CWE-89). Impact: arbitrary SQL queries, potentially leading to data leaka...
WordPress Plugin Page Builder: KingComposer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Page Builder: KingComposer...