7210 matches found
CVE-2020-36002
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information...
PT-2021-11898 · Unknown · Seat Reservation System
Name of the Vulnerable Software and Affected Versions: Seat-Reservation-System version 1.0. Description: The issue is related to a SQL injection vulnerability in the index.php file, specifically affecting the id and file parameters. This allows attackers to obtain sensitive database information...
CVE-2021-3293
emlog v5.3.1 has a full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...
CVE-2021-3293
Affected software: emlog v5.3.1. Vulnerability: full path disclosure in t/index.php, enabling an attacker to view the path to the webroot/file. Root cause/impact: information disclosure of the server’s filesystem structure; no explicit exploit details provided in the documents. Exploitation statu...
SQL injection
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page via the POST parameters 'unametxt' and 'pwdtxt', which are not filtered before being passed to a SQL query...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-07540)
Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...
CVE-2021-22874
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the period_preset parameter...
Cross site scripting
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the period_preset parameter...
CVE-2021-22874
Revive Adserver prior to 5.1.1 is affected by a reflected XSS in userlog-index.php via the period_preset parameter. Public details include a proof-of-concept from HackerOne showing injection on /admin/userlog-index.php with period_preset, enabling script injection and potential cookie theft or re...
CVE-2020-23644
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg=XSS to Home/c/ErrorController.php...
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
Exploit Title: Advanced Comment System 1.0 - 'ACS_path' Path Traversal Date: Fri, 11 Dec 2020 Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs" Vendor Homepage: Advanced Comment System - ACS Version: v1.0 CVE: CVE-2020-35598...
CVE-2020-35388
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true...
Design/Logic Flaw
rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true...
CVE-2020-28184
Cross-site scripting (XSS) vulnerability in TerraMaster TOS = 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php...
EGavilan Barcodes generator cross-site scripting vulnerability
Egavilan Media Barcodes generator is a PHP-based barcode generator for product names from Egavilan Media. EGavilan Barcodes generator 1.0 suffers from a cross-site scripting (XSS) vulnerability via index.php. An attacker can exploit this vulnerability to...
Phpjabbers Appointment Scheduler Cross-Site Scripting Vulnerability
Phpjabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and scheduling meetings from Phpjabbers Serbia. PHPJabbers Appointment Scheduler 2.3 is vulnerable to a cross-site scripting vulnerability that originates in the index.php administrative login page with...
ListingPro < 2.6.1 - Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc)
Unauthenticated users could gain access to sensitive data, such as usernames, full names, email addresses and in some cases phone numbers, by sending a request to /wp-admin/index.php?download-lp-users=yes, which is registered to the init hook...
CVE-2020-35396
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website...
Cross site scripting
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website...