CVE-2018-18939

An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field...

CVE-2018-18938

An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field...

CVE-2018-18939

An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field...

CVE-2018-18724

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5...

CVE-2018-18720

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5...

CVE-2018-18704

PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter...

CVE-2018-18711

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=editinfo...

Sql injection

PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php...

Sql injection

PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter...

Cross site scripting

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5...

Cross site scripting

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5...

SaltOS Erp Crm 3.1 r8126 - SQL Injection (2)

SaltOS Erp Crm 3.1 r8126 - SQL Injection 2 Exploit Title: SaltOS Erp, Crm 3.1 r8126 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link:...

CVE-2018-18723

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5...

CVE-2018-18723

CVE-2018-18723 is an XSS vulnerability in YUNUCMS 1.1.5, located at index.php/admin/area/editarea/id/110000. The connected documents confirm the affected product/version and the specific vulnerable parameter/path, but do not provide details on the underlying root cause, exploit techniques, or ava...

CVE-2018-18704

PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter...

CVE-2018-18705

PhpTpoint Hospital Management System (PHP) contains multiple SQL injection vulnerabilities reachable via index.php (user parameter in LOGIN.php) and via rno parameters to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. Exploitation could allow bypassing login to obtain database information or exe...

CVE-2018-18622

CVE-2018-18622 affects Waimai Super Cms 20150505. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable through the username parameter in index.php?m=public&a=doregister, as reported by multiple sources (Red Hat, CNVD, NVD). Root cause is unsanitized input that allows injection of s...

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

Ekushey Project Manager CRM 3.1 Cross Site Scripting Vulnerability

Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability. Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushe...