CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Posts Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...
CVE-2018-25187
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...
CVE-2018-25187
Tina4 Stack 1.0.3 is affected by multiple vulnerabilities: an unauthenticated SQL injection and a database file download. The description states attackers can directly request the kim.db file to obtain user credentials and password hashes, and can inject SQL code via the menu endpoint to manipula...
PT-2026-23697
Name of the Vulnerable Software and Affected Versions Tina4 Stack version 1.0.3 Description Tina4 Stack version 1.0.3 has multiple issues that allow unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database...
CVE-2025-34266
Advantech WISE-DeviceOn Server versions prior to 5.4 are affected by a stored XSS in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds/edits an AddIns menu entry, the label and path are stored in plugin configuration data and later rendered in the AddIns UI without ...
CVE-2024-8559
A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0. This issue affects some unknown processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to sql injection. The attack may be initiated remotely. The explo...
PT-2024-39096 · Sourcecodester · Sourcecodester Online Food Menu
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Menu version 1.0 Description: A critical issue has been found in the processing of the file /endpoint/delete-menu.php. The manipulation of the argument menu leads to SQL injection. The attack may be initiated...
Online Food Menu SQL Injection Vulnerability
Online Food Menu is an online food menu application by rems, an individual developer. Online Food Menu version 1.0 contains a SQL injection vulnerability in the menu parameter of the /endpoint/delete-menu.php file...
CVE-2024-30866
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php...
PT-2024-23644 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/3g/menu.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the "/3g/menu.php"...
Online Food Ordering System Code Issue Vulnerability
Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Food Ordering System v2.0, which is caused by an arbitrary file upload vulnerability in the component /admin/ajax.php?action=savemenu, which can be...
PT-2023-16117 · Unknown · Sourcecodester Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System version 2.0 Description: A critical issue affects an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input...
CVE-2022-32330
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=deletemenu...
CVE-2022-32336
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/viewmenu.php?id=...