7210 matches found
CVE-2021-41434
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...
Cross site scripting
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...
CVE-2022-40444
Summary: CVE-2022-40444 affects ZZCMS 2022 and enables a full path disclosure through the admin URL /admin/index.PHP? _server, leaking the server file path via error information. The root cause is inadequate protection of sensitive information in ZZCMS 2022 (per multiple sources). Affected produc...
Directory traversal
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information remote. The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...
CVE-2022-37190
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters action and function from "/api/index.php...
Cross site scripting
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname"...
CVE-2022-36254
The connected PT-2022-23273 entry provides concrete details for CVE-2022-36254: tramyardg Hotel Management System 1.0 (index.php) is vulnerable to persistent XSS via the fullname parameter, enabling remote script/HTML injection. Affected component is index.php; root cause is improper handling of ...
Cross site scripting
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php...
CVE-2022-36748
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php...
CVE-2022-36748
CVE-2022-36748 affects PicUploader v2.6.3, with a Cross-Site Scripting (XSS) vulnerability exposed through the /master/index.php component. The NVD entry documents the vulnerability as an XSS with a network attack vector, requiring user interaction, and reports low impact on confidentiality and i...
CVE-2022-3012
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The...
CVE-2022-36168
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php:...
CVE-2022-25228
CVE-2022-25228: Affected software is CandidATS 3.0.0 Beta. An authenticated user can inject SQL via parameters on several endpoints: /index.php?m=settings&a=show (userID), /index.php?m=candidates&a=show (candidateID), /index.php?m=joborders&a=show (jobOrderID), and /index.php?m=companies&a=show ...
CVE-2022-2876 SourceCodester Student Management System index.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...
Design/Logic Flaw
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/moduleframe/index.php...
SQL injection
A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2022-2812 SourceCodester Guest Management System index.php sql injection
A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...
PT-2022-18824 · Sourcecodester · Sourcecodester Guest Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Guest Management System affected versions not specified Description: A critical issue was found in the SourceCodester Guest Management System, affecting the file index.php. The manipulation of the username/pass argument leads t...