110 matches found
CVE-2025-1475 WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone'
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...
CVE-2024-6328
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...
WordPress plugin Feedify – Web Push Notifications 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
PT-2024-17267 · WordPress · Feedify – Web Push Notifications
Name of the Vulnerable Software and Affected Versions: The Feedify – Web Push Notifications plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Reflected Cross-Site Scripting via the platform, phone, email, and store url parameters due to insufficient...
CodeAstro Hospital Management System 安全漏洞
CodeAstro Hospital Management System is a hospital management system from CodeAstro, Inc. A security vulnerability exists in CodeAstro Hospital Management System version 1.0 that stems from incorrect manipulation of the parameters vname, vadr, vnumber, vemail, vphone, and vdesc can lead to...
PT-2024-17147 · Unknown · Code-Projects Simple Car Rental System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Car Rental System version 1.0 Description: A critical issue has been found in the code-projects Simple Car Rental System. The problem is related to an unknown function of the file /book car.php, where the manipulation of...
Code-Projects Simple Car Rental System 注入漏洞
Code-Projects Simple Car Rental System is an open source car rental software from Code-Projects. An injection vulnerability exists in Code-Projects Simple Car Rental System version 1.0, which stems from incorrect manipulation of the parameters fname, idno, gender, email, phone, and location can...
Teachers Record Management System add-teacher.php File SQL Injection Vulnerability
Teachers Record Management System is a teacher record management system. Teachers Record Management System is vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability in the add-teacher.php file via a cell phone number or email parameter. No detail...
PHPGurukul Teachers Record Management System 安全漏洞
Teachers Record Management System is a teacher record management system. Teachers Record Management System is vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability in the add-teacher.php file via a cell phone number or email parameter. No detail...
AreaLoad SQL注入漏洞
AreaLoad is an open source job upload platform written in PHP by Lizihu Utopia LUNA Association. AreaLoad suffers from an SQL injection vulnerability that stems from the parameter phone in the file request.php that can lead to SQL injection...
PT-2024-10604 · Unknown · Lunad3V Areaload
Name of the Vulnerable Software and Affected Versions: LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec Description: A critical issue affects the processing of the file request.php, where the manipulation of the phone argument leads to sql injection. The estimated number of...
CVE-2022-30360
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...
OvalEdge 安全漏洞
OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /profile/updateProfile via the slacki...
PT-2024-11558 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue is related to multiple Stored XSS also known as Persistent or Type II vulnerabilities. These vulnerabilities can be exploited via a POST request to the "/profile/updateProfile" API...
CVE-2024-8219
A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...
Code-Projects Online Quiz Site SQL注入漏洞
Code-Projects Online Quiz Site is a Code-Projects open source online quiz site. A SQL injection vulnerability exists in Online Quiz Site version 1.0, which stems from a SQL injection caused by operations on the parameters name/phone/email in the file index.php...
CVE-2024-42762
A Stored Cross Site Scripting XSS vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields...
CVE-2024-42762
A Stored Cross Site Scripting XSS vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields...
CVE-2024-6328
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...
PT-2024-37544 · WordPress · Mstore Api
Name of the Vulnerable Software and Affected Versions: MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress versions up to, and including, 4.14.7 Description: The issue is due to insufficient verification on the phone parameter of the firebase sms login and firebase sms...