CVE-2024-5384
SourceCodester Facebook News Feed Like 1.0 is affected by CVE-2024-5384 due to unsanitized manipulation of the page parameter in index.php, enabling SQL injection. The issue can be exploited remotely over the network with no authentication. Exploitation details beyond this are not provided in the con...
CVE-2024-5384 SourceCodester Facebook News Feed Like index.php sql injection
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to SQL injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned ...
CVE-2024-5312
PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /phpservermon-3.2.0/vendor/phpmailer/phpmailer/testscript/index.php page in all visible parameters. An attacker could create a specially crafted URL, send it to a victim and retrieve their session details...
CVE-2024-5312
CVE-2024-5312 describes an XSS in PHP Server Monitor 3.2.0. Affected component: the index.php under /vendor/phpmailer/phpmailer/test_script/index.php, where all visible parameters are vulnerable. An attacker can craft a URL that, when visited by a user, could expose the victim’s session details. ...
CVE-2024-5048 code-projects Budget Management index.php sql injection
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to SQL injection. The attack can be launched remotely. The exploit has been...
CVE-2024-5048
The CVE-2024-5048 entry concerns code-projects Budget Management 1.0. The vulnerability is triggered via the /index.php file, where manipulating the edit parameter enables SQL injection. Attackers can exploit remotely, and public disclosures exist (exploit disclosed). The issue is supported by mu...
Budget Management SQL Injection Vulnerability
SourceCodester Budget Management System is an application from SourceCodester, Inc. It provides a function to calculate exact expenses through a web application. A SQL injection vulnerability exists in Budget Management version 1.0, which stems from the parameter edit in the file /index.php that...
Simple Online Bidding System SQL Injection Vulnerability
Simple Online Bidding System is an online bidding system by the individual developer oretnom23. A SQL injection vulnerability exists in Simple Online Bidding System version 1.0; it originates in /simple-online-bidding-system/index.php, which contains unknown code that leads to SQL injection via...
CVE-2024-4818
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...
CVE-2024-4818
CVE-2024-4818 affects Campcodes Online Laundry Management System 1.0. A vulnerability in the page parameter of /index.php enables (remote) file inclusion via manipulation of the page argument. This is a network-accessible path with no authentication required; the impact wording in sources cites pos...
CVE-2024-33409
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-33409
CVE-2024-33409 describes an SQL injection in the Campcodes Complete Web-Based School Management System 1.0. The vulnerable component is index.php and its name parameter; the underlying cause is improper input handling enabling arbitrary SQL execution. Documents indicate a high-severity impact...
CVE-2024-34469
Rukovoditel before 3.5.3 allows XSS via userphoto to index.php?module=users/registration&action=save...
CVE-2024-34469
Rukovoditel prior to version 3.5.3 is vulnerable to cross-site scripting via the user_photo parameter in index.php?module=users/registration&action=save. The root cause is improper handling/validation of the user_photo input, allowing injected scripts to execute. Affected product: Rukovoditel web...
CVE-2024-34401
Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insertquiz/ quizname parameter...
CVE-2024-33832
OneNav v0.9.35-20240318 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /index.php?c=api&method=getlinkinfo...