CVE-2024-6367

A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument...

CVE-2024-6370

CVE-2024-6370 affects LabVantage LIMS 2017. A cross-site scripting flaw exists in the POST Request Handler via the file parameter /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp, by tampering the bulletinbody argument. The attack can be launched remotely and the exp...

CVE-2024-6368

CVE-2024-6368 affects LabVantage LIMS 2017. The issue resides in the POST Request Handler where processing of the file path /labvantage/rc?command=page and the manipulation of the argument param1 leads to a cross-site scripting (XSS) vulnerability. The attack can be initiated remotely and the exp...

CVE-2024-6368 LabVantage LIMS POST Request cross site scripting

A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be...

PT-2024-37571 · Labvantage · Labvantage Lims

Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017 Description: A vulnerability was found in the component POST Request Handler, affecting the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp. The manipulation of the argument...

LabVantage Solutions LIMS Cross-Site Scripting Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A cross-site scripting vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from some unknown handling of parameter param1 in a file processed by the POST request handler...

PT-2024-37572 · Labvantage · Labvantage Lims

Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017 WPML affected versions not specified Description: A problematic issue affects the processing of the file "/labvantage/rc?command=page" of the component POST Request Handler. The manipulation of the argument param1...

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVE-2024-6269

CVE-2024-6269 affects Ruijie RG-UAC 1.0. The vulnerability lives in the HTTP POST handler function get_ip.addr_details in /view/vpn/autovpn/sxh_vpnlic.php, where manipulating the indevice argument enables remote command injection. Public exploit information exists. Affected product behavior and r...

CVE-2024-5771

A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The atta...

LabVantage Solutions LIMS SQL Injection Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions, USA. A SQL injection vulnerability exists in LabVantage Solutions LIMS version 2017, which stems from unknown code in the component POST Request Handler, which leads to an SQL injection via the param1...

CVE-2024-5428

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function saveproduct of the file /admin/index.php?page=manageproduct of the component HTTP POST Request Handler. The manipulation leads to cross-site reque...

CVE-2024-5145 SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload

A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The...

CVE-2024-5145

The CVE-2024-5145 entry refers to SourceCodester Vehicle Management System (up to v1.0) with a flaw in the HTTP POST Request Handler, where manipulating the file parameter in /newdriver.php enables unrestricted uploads. Multiple sources confirm remote feasibility and public disclosure of exploits...

CVE-2024-2909

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itboxpi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command...

CVE-2024-2910

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itboxpi/vpnquicksetservice.php?a=setvpn of the component HTTP POST Request Handler. The manipulation of the argument...

CVE-2024-2910

CVE-2024-2910 affects Ruijie RG-EG350 (pre-20240318) in the VPN quick set service. The vulnerable component is the HTTP POST handler function vpnAction in the file /itbox_pi/vpn_quickset_service.php?a=set_vpn. By manipulating arguments ip, port, user, pass, dns, or startIp, an attacker can trigge...

CVE-2024-2909

CVE-2024-2909 affects Ruijie RG-EG350 up to 20240318. The vulnerability resides in the HTTP POST Request Handler function setAction (file /itbox_pi/networksafe.php?a=set) where manipulation of the bandwidth argument enables OS command injection. It can be exploited remotely; multiple sources conf...

GHSA-99WG-VMVQ-2CP5 RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...