70 matches found
PT-2024-38292 · Sourcecodester · Sourcecodester Tracking Monitoring Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Tracking Monitoring Management System version 1.0 Description: A critical issue was found in the system, affecting the /ajax.php?action=save establishment file. The manipulation of the id argument leads to SQL injection. The...
SourceCodester Tracking Monitoring Management System 跨站脚本漏洞
SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester, Inc. A cross-site scripting vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by a cross-site scripting vulnerability in the name...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan
Today, CISA released the Remote Monitoring and Management RMM Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative JCDC. This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat...
PT-2023-24861 · Percona · Percona Monitoring/Management
Name of the Vulnerable Software and Affected Versions: Percona Monitoring and Management PMM server versions 2.x through 2.37.0 Description: The issue arises from the authenticate function in auth server.go not properly formalizing and sanitizing URL paths, which fails to reject path traversal...
CVE-2023-34409
In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...
CVE-2023-1950
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to...
CVE-2023-1949
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possibl...
Sql injection
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads t...
CVE-2023-1950 PHPGurukul BP Monitoring Management System Password Recovery password-recovery.php sql injection
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to...
CVE-2023-1949 PHPGurukul BP Monitoring Management System Change Password change-password.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possibl...
CVE-2023-1948 PHPGurukul BP Monitoring Management System Add New Family Member add-family-member.php cross site scripting
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads t...
BP Monitoring Management System 跨站脚本漏洞
BP Monitoring Management System is a web-based application by the individual developer of phpgurukul. A cross-site scripting vulnerability exists in version 1.0 of the PHPGurukul BP Monitoring Management System, which stems from an issue with the file add-family-member.php, where manipulation of...
BP Monitoring Management System SQL注入漏洞
BP Monitoring Management System is a web-based application by the individual developer of phpgurukul. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul BP Monitoring Management System, which stems from a problem with the file change-password.php, where manipulation of the...
CVE-2023-1909
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible ...
Sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible ...
CVE-2023-1909
The CVE-2023-1909 entry concerns PHPGurukul BP Monitoring Management System 1.0. The User Profile Update Handler’s profile.php is affected; the issue arises from manipulating the name and mobno arguments, enabling a SQL injection. The vulnerability is exploitable remotely and has been disclosed p...
CVE-2023-27074
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page...
CVE-2023-27074
BP Monitoring Management System v1.0 contains a SQL injection vulnerability in the login page, exploitable via the emailid parameter. The issue, as described across the CVE records, is caused by unparameterized SQL in the authentication flow, leading to potential disclosure, modification, or dest...