CVE-2023-3562

A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this...

CVE-2023-2962

A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edituser. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVE-2022-30817

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php...

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

CVE-2022-42066

Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php...

CVE-2022-36254

Multiple persistent cross-site scripting XSS vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname"...

CVE-2022-30776

atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter...

CVE-2022-2728

A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipulation of the argument edittran leads to sql injection. The attack may be launched remotely. The...

CVE-2021-29343

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code...

CVE-2021-39408

Cross Site Scripting XSS vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file...

CVE-2021-38723

FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items...

CVE-2021-3293

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...

CVE-2021-43692

youtube-php-mirroring last update Jun 9, 2017 is affected by a Cross Site Scripting XSS vulnerability in file ytproxy/index.php...

CVE-2021-41756

dynamicMarkt = 3.10 is affected by SQL injection in the kat parameter of index.php...

CVE-2021-38243

xunruicms up to v4.5.1 was discovered to contain a remote code execution RCE vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request...

CVE-2021-37348

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php...

CVE-2020-36037

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...

CVE-2020-19511

Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1 className and !2 Description fields in index.php/Admin/Classes,...

CVE-2020-5842

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page...

CVE-2020-35388

rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true...