
513 matches found

Exploit DB
added 2021/01/25 12:0 a.m., 218 views

Library System 1.0 - 'category' SQL Injection

Exploit Title: Library System 1.0 - 'category' SQL Injection
Exploit Author: Aitor Herrero
Date: 2021-01-22
Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html
Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html
Version: 1.0...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/01/25 12:0 a.m., 171 views

Library System 1.0 SQL Injection

Exploit Title: Library System 1.0 - 'category' SQL Injection
Exploit Author: Aitor Herrero
Date: 2021-01-22
Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html
Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html
Version: 1.0...

0.3 AI score
Exploits: 0

CNVD
added 2020/12/30 12:0 a.m., 2 views

Arbitrary File Download Vulnerability in MTCEO Repository System

The MTCEO library system uses PHP + MySQL, is built on ThinkPHP, and takes the Baidu library template style as its basic style. The MTCEO library system has an arbitrary file download vulnerability; attackers can use the vulnerability to obtain sensitive information...

7 AI score
Exploits: 0

CNVD
added 2020/12/18 12:0 a.m., 3 views

SQL Injection Vulnerability in MTCEO Repository System

The MTCEO library system uses PHP and MySQL, is built on ThinkPHP, and takes the Baidu library template style as its basic style. The MTCEO library system has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0

CNVD
added 2020/11/25 12:0 a.m., 1 views

SourceCodester Online Library Management System Code Issue Vulnerability

SourceCodester Online Library Management System is an online library management system from SourceCodester, Inc. in the United States. A security vulnerability exists in version 1.0 of the SourceCodester Online Library Management System, which originates from an arbitrary file upload in the uploa...

10 CVSS, 8.1 AI score, 0.10703 EPSS
Exploits: 1, References: 1

OSV
added 2020/11/17 9:15 p.m., 1 views

CVE-2020-28130

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos under the web root...

9.8 CVSS, 7.8 AI score
Exploits: 0, References: 2

CNVD
added 2020/11/01 12:0 a.m., 1 views

SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system

The MTCEO library system uses PHP + MySQL, is built on ThinkPHP, and takes the Baidu library template style as its basic style. The backend ad.cl.php file of the MTCEO library system has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...

8 AI score
Exploits: 0

OSV
added 2020/09/22 6:15 p.m., 2 views

CVE-2020-25514

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...

8.4 CVSS, 7.3 AI score, 0.00289 EPSS
Exploits: 0, References: 3

Prion
added 2020/09/22 6:15 p.m., 13 views

Design/Logic Flaw

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...

4.6 CVSS, 8.3 AI score, 0.00289 EPSS
Exploits: 0, References: 3, Affected Software: 1

CNVD
added 2020/07/29 12:0 a.m., 1 views

File Upload Vulnerability in Seven Bears Library System v3.4

Seven Bears is a library CMS, similar to Baidu Library, for sharing and selling documents. After a user uploads a source document, Seven Bears automatically transcodes it into HTML and, on success, returns the document HTML to the library CMS. to realize...

7 AI score
Exploits: 0

CNVD
added 2020/05/11 12:0 a.m., 1 views

Solis Gnuteca SQL Injection Vulnerability

Solis Gnuteca is a library management system from Solis Brazil. The system includes features such as e-mail alerts, automated inventory, location tracking and user registration. A SQL injection vulnerability exists in Solis Gnuteca version 3.8. The vulnerability stems from a database-based...

9.8 CVSS, 8.2 AI score, 0.00264 EPSS
Exploits: 0, References: 1

CNVD
added 2020/04/22 12:0 a.m., 2 views

SQL Injection Vulnerability in UILAS Library Clustered Regional Consortium Management System (CNVD-2020-31497)

The UILAS library cluster regional union management system adopts a C/S+B/S mode. The C/S mode is mainly for libraries that have high precision requirements for editing; the editing system of the C/S mode mainly continues the editing module of the ILASII and ILASIII systems, with further enhancement...

8 AI score
Exploits: 0

CNVD
added 2019/10/30 12:0 a.m., 4 views

SQL Injection Vulnerability in Seven Bears Library System v3.4

Seven Bears is a library CMS, similar to Baidu Library, for sharing and selling documents. After a user uploads a source document, Seven Bears automatically transcodes it into HTML and, on success, returns the document HTML to the library CMS. to realize...

7.8 AI score
Exploits: 0

CNVD
added 2019/09/30 12:0 a.m., 1 views

SQL injection vulnerability in the ne***.cl***.php file of the Seven Bears library system

The Seven Bears library system is an online document preview and selling system similar to Baidu Library. A SQL injection vulnerability exists in the ne.cl.php file. An attacker can exploit the vulnerability to obtain sensitive information from the database...

7.6 AI score
Exploits: 0

CNVD
added 2018/10/23 12:0 a.m., 1 views

File Upload Vulnerability in Chinese Online Digital Library System v6.4.6.3

Chinese Online Digital Library is a digital library program under Chinese Online, serving institutional users, helping to establish a wall-less, low-cost, healthy and legal knowledge center, improving library services and speeding up information construction. A file upload vulnerability exists in...

7.1 AI score
Exploits: 0

NVD
added 2018/09/06 7:29 p.m., 10 views

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in: Attackers can mark payments a...

8.8 CVSS, 8.9 AI score, 0.00136 EPSS
Exploits: 1, References: 1

OSV
added 2018/09/06 7:29 p.m., 16 views

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in: Attackers can mark payments a...

8.8 CVSS, 7.1 AI score
Exploits: 0, References: 1

Prion
added 2018/09/06 7:29 p.m., 7 views

Cross site scripting

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=number, ...

4.3 CVSS, 6.3 AI score, 0.0028 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/09/06 7:29 p.m., 11 views

CVE-2018-1000670

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=number, ...

6.1 CVSS, 6.4 AI score, 0.0028 EPSS
Exploits: 1, References: 1

Prion
added 2018/09/06 7:29 p.m., 13 views

Cross site request forgery (csrf)

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in: Attackers can mark payments a...

6.8 CVSS, 8.8 AI score, 0.00136 EPSS
Exploits: 1, References: 1, Affected Software: 1