7208 matches found
CVE-2024-8294 FeehiCMS index.php update unrestricted upload
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...
CVE-2024-8218 code-projects Online Quiz Site index.php sql injection
A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument loginid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2024-8218
CVE-2024-8218 affects code-projects Online Quiz Site 1.0. Multiple connected sources confirm a SQL injection vulnerability in the file index.php caused by manipulating the loginid argument, with remote exploitation and public disclosure. The issue is documented across NVD/Red Hat/CVE lists and th...
CVE-2024-8166 Ruijie EG2000K index.php unrestricted upload
A vulnerability has been found in Ruijie EG2000K 11.16B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has...
CVE-2024-41444
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...
CVE-2024-8147 code-projects Pharmacy Management System index.php sql injection
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-42852
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component...
PT-2024-30185 · Unknown · Acutoweb Server
Name of the Vulnerable Software and Affected Versions: AcuToWeb server version 10.5.0.7577C8b Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "index.php" component. This enables the attacker to perform unauthorized actions on the affected syste...
CVE-2024-42852
AcuToWeb server version 10.5.0.7577C8b is vulnerable to reflected cross-site scripting (XSS) via the portgw parameter. Unsanitized user input is reflected in the response, enabling arbitrary JavaScript execution in victims' browsers. Remediation: update AcuToWeb to the latest version and impleme...
CVE-2024-42565
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete...
CVE-2024-42564
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete...
CVE-2024-7911 SourceCodester Simple Online Bidding System index.php file inclusion
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the...
CVE-2024-7887
A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The...
LimeSurvey Security Vulnerability
LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team, which supports survey program development, questionnaire publishing, and data collection. A security vulnerability exists in LimeSurvey version 6.3.0-231016, which stems from a denial of service due to...
Kashipara Live Membership System Security Vulnerability
Kashipara Live Membership System is a live membership system from Kashipara Inc. A security vulnerability exists in Kashipara Live Membership System version v1.0, which originates from a SQL injection vulnerability in /index.php...
CVE-2024-7661 SourceCodester Car Driving School Management System index.php save_users cross-site request forgery
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely...
CVE-2024-33991
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'...