CVE-2024-11492

CVE-2024-11492 affects 115cms up to 20240807 (Guizhou Forxin Technology). The vulnerability is a cross-site scripting issue in the admin web path /index.php/admin/web/appurladd.html triggered by the tid parameter, allowing remote initiation. Public disclosure is noted; vendor did not respond. The...

CVE-2024-11491

CVE-2024-11491 affects 115cms (up to version 20240807). Affected component: file /index.php/admin/web/useradmin.html. Root cause: manipulation of the ks argument enables cross-site scripting (XSS). Exploitation can be remote; the exploit has been disclosed publicly. Evidence in PT-2024-17030 and ...

CVE-2024-11258 1000 Projects Beauty Parlour Management System index.php sql injection

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has bee...

ROS-20241112-11

A vulnerability in the index.php component of Enterprise Server, a cloud-based software package for creating and using Nextcloud Server data storage is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to modify or delete VCards in the...

CVE-2024-11100 1000 Projects Beauty Parlour Management System index.php sql injection

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely...

CVE-2024-11077 code-projects Job Recruitment index.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

PT-2024-16740 · Unknown · Code-Projects Job Recruitment

Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical vulnerability was found in the code-projects Job Recruitment software. The issue affects an unknown function of the file /index.php. The manipulation of the email argument lead...

CVE-2024-10758 code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack...

PT-2024-16521 · Unknown +1 · Code-Projects/Anirbandutta9 Content Management System +1

Name of the Vulnerable Software and Affected Versions: code-projects/anirbandutta9 Content Management System and News-Buzz version 1.0 Description: A critical issue was found in the software, affecting an unknown part of the file /index.php. The manipulation of the user name argument leads to SQL...

CVE-2024-51060

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'aid' parameter...

CVE-2024-51065

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter...

CVE-2024-51065

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter...

CVE-2024-51060

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'aid' parameter...

CVE-2024-51060

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'aid' parameter...

CVE-2024-51060

CVE-2024-51060 affects Projectworlds Online Admission System v1. The vulnerability is a SQL Injection in the file index.php reachable via the a_id parameter. The data shows a high-severity, network-exploitable issue with potential impact on confidentiality and integrity (CVSS 3.1 base score 9.1)....

GHSA-PJHX-J53P-C5F5 ThinkPHP deserialization vulnerability

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

CVE-2024-48112

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

CVE-2024-46531

phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php...

CVE-2024-46531

phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php...

CVE-2024-46531

This CVE affects phpgurukul Vehicle Record Management System v1.0 and is caused by a SQL injection in the searchinputdata parameter of /index.php. Multiple sources describe the vulnerability path and exploitation could lead to unauthorized data access or exposure of sensitive database data. The C...