7210 matches found
CVE-2021-44892
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...
CVE-2021-45286
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in (1) index.php, (2) bottom.php, and (3) topindex.php...
SQL injection
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php...
CVE-2020-20946
CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...
CVE-2021-44966
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system...
PT-2021-24187 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Employee Record Management System version 1.2 Description: The issue allows an attacker to bypass authentication via SQL injection in the index.php file, potentially granting access to an admin account. This could enable the attack...
Phpgurukul Employee Record Management System SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System has a SQL injection vulnerability that originates from an SQL injection bypass authentication vulnerability via index.php, which can be exploited by an attacker to corrupt, alter, or...
showdoc Cross-site Request Forgery Vulnerability (CNVD-2021-94821)
showdoc is an open source tool for IT teams to share documents online. showdoc is vulnerable to cross-site request forgery, which can be exploited by attackers via "/server/index.php?s=/api/itemGroup/save"...
CVE-2021-43692
youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php...
CVE-2021-43693
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php...
CVE-2021-43693
Vesta 0.9.8-24 is affected by a file inclusion vulnerability in web/add/user/index.php due to insufficient filtering and restriction on file references. This can be exploited to cause file inclusion, per CVE-2021-43693 and CNVD/CNNVD entries. The documents do not specify exploit details beyond th...
Made vesta Security Vulnerability
Made vesta is a Made open source application. Made vesta version 0.9.8-24 contains a file inclusion vulnerability, which stems from a lack of filtering and restriction on file references in the web/add/user/index.php file, and can be exploited by attackers to cause file inclusion...
Sourcecodester Engineers Online Portal SQL Injection Vulnerability
Sourcecodester Engineers Online Portal is an open source online portal. Sourcecodester Engineers Online Portal in PHP is vulnerable to SQL injection, which can be exploited by attackers to bypass authentication via the login form in index.php...
CVE-2021-42665
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication...
CVE-2021-42665
CVE-2021-42665 affects the Sourcecodester Engineers Online Portal (PHP) via the login.php form. The vulnerability is an SQL Injection in the authentication routine that can allow bypassing login without valid credentials. Affected component is the login mechanism (username/password fields), with ...
SQL injection
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php...
xujinliang zibbs cross-site scripting vulnerability
Zibbs Zibbs Forum is a Bootstrap-based lightweight PHP forum system. xujinliang zibbs version 1.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of the route parameter in index.php. An attacker could use this vulnerability to execute...