CVE-2022-4455
A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is...
CVE-2022-4455 sproctor php-calendar index.php cross site scripting
A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is...
PT-2022-27774 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Akeneo PIM Community Edition versions prior to v5.0.119 and v6.0.53 Description: Akeneo PIM is an open source Product Information Management (PIM) that allows remote authenticated users to execute arbitrary PHP code on the server by uploading a...
PT-2022-26894 · Unknown · Csliuwy Coder-Chain Gdut
Name of the Vulnerable Software and Affected Versions: csliuwy coder-chain gdut affected versions not specified Description: A vulnerability has been found in csliuwy coder-chain gdut, classified as problematic. It affects an unknown functionality of the file "/back/index.php/user/User/?1". The...
CVE-2022-4229
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsmsci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2022-4229 SourceCodester Book Store Management System index.php access control
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsmsci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2022-45278
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
SQL injection
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php...
CVE-2022-43256
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php...
HTML Injection
froxlor is vulnerable to HTML Injection. The vulnerability exists due to index.php which allows an attacker to inject and execute malicious HTML content into the login webpage...
Cross site scripting
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/reportevent/index.php...
CVE-2022-41432
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/reportevent/index.php...
CVE-2022-42923
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-42923 SQL injection in Forma LMS
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
Cross site scripting
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php...
CVE-2022-42066
Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php...
CVE-2022-42066
CVE-2022-42066 affects Online Examination System version 1.0, with a cross-site scripting vulnerability exploitable via index.php. The issue is a client-side input handling flaw that can expose confidentiality and integrity risks (per CVSS data: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Exploitation ...
PT-2022-26229 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue is related to a cross-site scripting vulnerability. It can be exploited via the index.php file. Recommendations: For Online Examination System version 1.0, consider disabling access...
Joomla Vik Rent Car 1.14 Cross Site Scripting