509 matches found
SourceCodester Online Library Management System Code Issue Vulnerability
SourceCodester Online Library Management System is an online library management system from SourceCodester, Inc. in the United States. A security vulnerability exists in version 1.0 of the SourceCodester Online Library Management System, which originates from an arbitrary file upload in the uploa...
CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos under the web root...
SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system
The MTCEO library system is built with PHP and MySQL on the ThinkPHP framework, with a basic style modelled on the Baidu Library template. A SQL injection vulnerability exists in the ad.cl.php file in the system's backend. Attackers can use the vulnerability to obtain sensitive database information...
CVE-2020-25514
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...
Design/Logic Flaw
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...
File Upload Vulnerability in Seven Bears Library System v3.4
Seven Bears is a library CMS, similar to Baidu Library, for sharing and selling documents. After a user uploads a source document, Seven Bears automatically transcodes it into HTML and, on success, returns the HTML to the library CMS to realize...
Solis Gnuteca SQL Injection Vulnerability
Solis Gnuteca is a library management system from Solis Brazil. The system includes features such as e-mail alerts, automated inventory, location tracking and user registration. A SQL injection vulnerability exists in Solis Gnuteca version 3.8. The vulnerability stems from a database-based...
SQL Injection Vulnerability in UILAS Library Clustered Regional Consortium Management System (CNVD-2020-31497)
The UILAS library cluster regional union management system adopts a C/S + B/S model. The C/S mode is mainly for libraries with high precision requirements for editing; its editing system continues the editing module of the ILASII and ILASIII systems, with further enhancement...
SQL Injection Vulnerability in Seven Bears Library System v3.4
Seven Bears is a library CMS, similar to Baidu Library, for sharing and selling documents. After a user uploads a source document, Seven Bears automatically transcodes it into HTML and, on success, returns the HTML to the library CMS to realize...
SQL injection vulnerability in the ne***.cl***.php file of the Seven Bears library system
The Seven Bears library system is an online document preview and selling system similar to Baidu Library. A SQL injection vulnerability exists in the ne.cl.php file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
File Upload Vulnerability in Chinese Online Digital Library System v6.4.6.3
Chinese Online Digital Library is a digital library program under Chinese Online, serving institutional users, helping to establish a wall-less, low-cost, healthy and legal knowledge center, improving library services and speeding up information construction. A file upload vulnerability exists in...
CVE-2018-1000669
KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) contain a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments a...
CVE-2018-1000670
KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) contain a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=number, ...
Cross site scripting
KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) contain a Cross Site Scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=number, ...
Cross site request forgery (CSRF)
KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) contain a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can allow attackers to mark payments a...
CVE-2018-1000670
KOHA Library System versions 16.11.x (up to 16.11.13) and 17.05.x (up to 17.05.05) are affected by a Cross Site Scripting (XSS) vulnerability in multiple fields across several pages (e.g., /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number], /cgi-bi...