Lucene search
K

544 matches found

CNVD
CNVD
added 2021/11/08 12:0 a.m.26 views

Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability

Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...

4.3CVSS1.2AI score0.03792EPSS
Exploits3References1
Prion
Prion
added 2021/11/05 1:15 p.m.20 views

Design/Logic Flaw

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a...

4.3CVSS4.6AI score0.03792EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2021/11/05 11:15 a.m.13 views

CVE-2021-42662

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...

5.4CVSS0.01647EPSS
Exploits5References4
Prion
Prion
added 2021/11/05 11:15 a.m.17 views

Cross site scripting

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...

3.5CVSS5.3AI score0.01647EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2021/11/05 10:21 a.m.40 views

CVE-2021-42662

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...

5.5AI score0.01647EPSS
Exploits5References4
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.6 views

Engineers Online Portal 跨站脚本漏洞

Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...

4.3CVSS5.5AI score0.03792EPSS
Exploits3References3
CNVD
CNVD
added 2021/11/03 12:0 a.m.8 views

phpok buffer overflow vulnerability

phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A buffer overflow vulnerability exists in framework/init.php in phpok version 5.1. An attacker can exploit this vulnerability to execute arbitrary code...

9.8CVSS7.8AI score0.01606EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/10/04 12:0 a.m.543 views

Company's Recruitment Management System SQL Injection

Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...

0.4AI score
Exploits0
CNVD
CNVD
added 2021/09/24 12:0 a.m.23 views

YzmCMS Cross-site Request Forgery Vulnerability (CNVD-2021-90912)

YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed solely by Yuan Zhimeng. A cross-site request forgery vulnerability exists in /controller/pay.class.php in YzmCMS version 5.5. An attacker can use this vulnerability to access sensitive componen...

8.8CVSS2.6AI score0.00543EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/31 12:0 a.m.10 views

File Upload Vulnerability in Tianmu MVC-HOME Version

Tianmu MVC-HOME Edition is a professional PHP+MYSQL product. A file upload vulnerability exists in Tianmu MVC-HOME Edition, which can be exploited by attackers to upload a webshell and gain server privileges...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/08/05 12:0 a.m.16 views

WordPress Handsome Testimonials&Reviews plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Handsome Testimonials&Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...

8.8CVSS8.7AI score0.01599EPSS
Exploits2References1
CNVD
CNVD
added 2021/07/28 12:0 a.m.13 views

PEEL Shopping SQL Injection Vulnerability (CNVD-2021-61762)

PEEL Shopping is a PHP/MySQL architecture of open source e-commerce system. 9.4.0.1 prior version of PEEL Shopping has a SQL injection vulnerability, which can be exploited by attackers to inject malicious SQL queries and obtain sensitive database information...

9.1CVSS3.2AI score0.05161EPSS
Exploits2References1
0day.today
0day.today
added 2021/07/21 12:0 a.m.117 views

Vehicle Parking Management System 1.0 Cross Site Scripting Vulnerability

Vehicle Parking Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Tushar Vaidya in February of 2021. Exploit Title: Vehicle Parking Management System - Stored...

6.5AI score
Exploits0
CNVD
CNVD
added 2021/07/19 12:0 a.m.7 views

Arbitrary File Deletion Vulnerability in Aptar CMS (CNVD-2021-56875)

Aptar CMS website management system adopts PHP+MYSQL technology, supports pseudo-static function, can generate google and baidu maps, supports custom url, keywords and descriptions, and facilitates SEO search. Aptar CMS has an arbitrary file deletion vulnerability that can be exploited by attacke...

7.2AI score
Exploits0
CNVD
CNVD
added 2021/07/14 12:0 a.m.8 views

HuCart v5.7.9 suffers from SQL injection vulnerability

HuCart is a leading enterprise building system, based on PHP Mysql architecture, can run on Linux, Windows and other various server platforms, regular environment, can support millions of data. HuCart v5.7.9 suffers from a SQL injection vulnerability that can be exploited by attackers to obtain...

7.8AI score
Exploits0
CNVD
CNVD
added 2021/07/10 12:0 a.m.12 views

SQL Injection Vulnerability in the Classifieds Navigation System of Youk365 Website (CNVD-2021-52070)

Uc365 website classification and navigation system is a cross-platform open source software, based on PHP + MYSQL development and construction of open source website classification and catalog management system. Uke365 website category navigation system SQL injection vulnerability , attackers can...

7.6AI score
Exploits0
CNVD
CNVD
added 2021/07/09 12:0 a.m.14 views

Xiancheng cms exists arbitrary file reading vulnerability

Xiancheng cms is a set of PHP mysql architecture with free open source article management system program. Xiancheng cms arbitrary file read vulnerability, attackers can use the vulnerability to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
added 2021/07/08 12:0 a.m.8 views

AKCMS suffers from SQL injection vulnerability (CNVD-2021-51280)

AKCMS is a lightweight content management system based on PHP and MySQL. AKCMS suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2021/07/06 12:0 a.m.9 views

Information Disclosure Vulnerability in ESPCMS Professional Edition

ESPCMS is a PHP MYSQL based enterprise building management system. An information disclosure vulnerability exists in ESPCMS Professional, which can be exploited by attackers to obtain sensitive information...

6.5AI score
Exploits0
CNVD
CNVD
added 2021/07/06 12:0 a.m.10 views

SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-51355)

Aizumi CMS is a php music website developed with php MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

7.8AI score
Exploits0
Rows per page
Query Builder