544 matches found
Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...
Design/Logic Flaw
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a...
CVE-2021-42662
A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...
Cross site scripting
A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...
CVE-2021-42662
A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to...
Engineers Online Portal 跨站脚本漏洞
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...
phpok buffer overflow vulnerability
phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. A buffer overflow vulnerability exists in framework/init.php in phpok version 5.1. An attacker can exploit this vulnerability to execute arbitrary code...
Company's Recruitment Management System SQL Injection
Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...
YzmCMS Cross-site Request Forgery Vulnerability (CNVD-2021-90912)
YzmCMS is a lightweight open source content management system based on PHP Mysql architecture developed solely by Yuan Zhimeng. A cross-site request forgery vulnerability exists in /controller/pay.class.php in YzmCMS version 5.5. An attacker can use this vulnerability to access sensitive componen...
File Upload Vulnerability in Tianmu MVC-HOME Version
Tianmu MVC-HOME Edition is a professional PHP+MYSQL product. A file upload vulnerability exists in Tianmu MVC-HOME Edition, which can be exploited by attackers to upload a webshell and gain server privileges...
WordPress Handsome Testimonials&Reviews plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Handsome Testimonials&Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...
PEEL Shopping SQL Injection Vulnerability (CNVD-2021-61762)
PEEL Shopping is a PHP/MySQL architecture of open source e-commerce system. 9.4.0.1 prior version of PEEL Shopping has a SQL injection vulnerability, which can be exploited by attackers to inject malicious SQL queries and obtain sensitive database information...
Vehicle Parking Management System 1.0 Cross Site Scripting Vulnerability
Vehicle Parking Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Tushar Vaidya in February of 2021. Exploit Title: Vehicle Parking Management System - Stored...
Arbitrary File Deletion Vulnerability in Aptar CMS (CNVD-2021-56875)
Aptar CMS website management system adopts PHP+MYSQL technology, supports pseudo-static function, can generate google and baidu maps, supports custom url, keywords and descriptions, and facilitates SEO search. Aptar CMS has an arbitrary file deletion vulnerability that can be exploited by attacke...
HuCart v5.7.9 suffers from SQL injection vulnerability
HuCart is a leading enterprise building system, based on PHP Mysql architecture, can run on Linux, Windows and other various server platforms, regular environment, can support millions of data. HuCart v5.7.9 suffers from a SQL injection vulnerability that can be exploited by attackers to obtain...
SQL Injection Vulnerability in the Classifieds Navigation System of Youk365 Website (CNVD-2021-52070)
Uc365 website classification and navigation system is a cross-platform open source software, based on PHP + MYSQL development and construction of open source website classification and catalog management system. Uke365 website category navigation system SQL injection vulnerability , attackers can...
Xiancheng cms exists arbitrary file reading vulnerability
Xiancheng cms is a set of PHP mysql architecture with free open source article management system program. Xiancheng cms arbitrary file read vulnerability, attackers can use the vulnerability to obtain sensitive information...
AKCMS suffers from SQL injection vulnerability (CNVD-2021-51280)
AKCMS is a lightweight content management system based on PHP and MySQL. AKCMS suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
Information Disclosure Vulnerability in ESPCMS Professional Edition
ESPCMS is a PHP MYSQL based enterprise building management system. An information disclosure vulnerability exists in ESPCMS Professional, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-51355)
Aizumi CMS is a php music website developed with php MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...