513 matches found
CVE-2024-1830
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to SQL injection. The attack may be launched...
needyamin SQL injection vulnerability
needyamin is an open source library card borrowing system by needyamin. A SQL injection vulnerability exists in needyamin version 1.0, which stems from an incorrect manipulation of the email/password parameter that can lead to SQL injection...
AutoLib Software Systems OPAC security vulnerability
AutoLib Software Systems OPAC is a library management software from AutoLib Software Systems. A security vulnerability exists in AutoLib Software Systems OPAC version v20.10, which stems from the exposure of multiple API keys in the code. An attacker could use these keys to access back-end APIs o...
PT-2024-16658 · Guangzhou Tuchuang Computer Software Development · Interlib Library Cluster Automation Management System
Name of the Vulnerable Software and Affected Versions: Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System versions up to 2.0.1 Description: A critical vulnerability was found in the software, affecting unknown code of the file...
PT-2024-37078 · Unknown · Yordam Library Automation System
Name of the Vulnerable Software and Affected Versions: Yordam Library Automation System versions prior to 20.1 Description: The issue affects the Yordam Library Automation System, allowing interface manipulation due to improper restriction of excessive authentication attempts. This can lead to...
Yordam Library Automation System security vulnerability
Yordam Library Automation System is an application from Yordam, Inc. A security vulnerability exists in Yordam Library Automation System versions prior to 20.1, which stems from improper restriction of excessive authentication attempts and allows interface manipulation...
PT-2024-22550 · Koha Ils · Koha Ils
Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Recommendations: For versions 23.05 and earlier, update to a version that contains a f...
CASAP Automated Enrollment security vulnerability
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of this project is to provide an automated enrollment system for CASAP to streamline the process for schools and make it more effective, efficient, and easily retrievable. A...
CVE-2024-33294
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the FAILE variable in the studenteditphoto.php component...
CVE-2024-33294
CVE-2024-33294 pertains to the Library System (PHP/MySQLi) v1.0, where a flaw in the file component student_edit_photo.php allows a remote attacker to execute arbitrary code via the _FAILE variable. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates a network-exposed, unauthentic...
Library System security vulnerability
Library System is a library management system by the individual developer nurhodelta17. A security vulnerability exists in Library System version V1.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the FAILE variable in the Studenteditphoto.php component...
PT-2024-25190 · Unknown · Library System
Name of the Vulnerable Software and Affected Versions: Library System version V1.0 Description: An issue in the Library System allows a remote attacker to execute arbitrary code via the FAILE variable in the student edit photo.php component. Recommendations: For Library System version V1.0,...
CVE-2024-3365
A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...
CVE-2024-3365 SourceCodester Online Library System controller.php cross site scripting
A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...
CVE-2024-3365
CVE-2024-3365 affects SourceCodester Online Library System 1.0. The vulnerability lies in the admin/users/controller.php file, where manipulation of the user_name argument enables a cross-site scripting (XSS) flaw. The issue is exploitable remotely and public exploits have been disclosed. Several...
CVE-2024-3364
A vulnerability was found in SourceCodester Online Library System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/books/index.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The explo...