CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

RaspAP raspap-webgui 3.0.9 contains a code injection vulnerability in includes/provider.php via the HTTP POST parameter country, enabling remote code execution. Exploitation is possible over the network and public disclosures exist. A remediation is available: upgrade to billz/raspap-webgui 3.1.0...

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

CVE-2024-2482

CVE-2024-2482 affects Surya2Developer Hostel Management Service 1.0, via the HTTP POST Request Handler in the file /check_availability.php. The vulnerability arises from manipulation of the argument named oldpassword, causing an observable response discrepancy. Impact details in the provided sour...

PT-2024-20680 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.0.9 Description: A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue...

PT-2024-20586 · Unknown · Surya2Developer Hostel Management Service

Name of the Vulnerable Software and Affected Versions: Surya2Developer Hostel Management Service version 1.0 Description: A vulnerability has been found in the HTTP POST Request Handler component, specifically in the file /check availability.php. The manipulation of the oldpassword argument leads...

CVE-2024-2272

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...

CVE-2024-2272

CVE-2024-2272 affects the keerti1924 Online-Book-Store-Website v1.0. The vulnerability resides in the HTTP POST handler for /home.php where manipulating the product_name parameter enables an SQL injection. The issue is remote and has publicly disclosed exploits. References consistently identify t...

CVE-2024-2271

The CVE-2024-2271 entry affects keerti1924 Online-Book-Store-Website 1.0. A vulnerability in the HTTP POST Request Handler affects the /shop.php file, where the product_name parameter is susceptible to SQL injection. The issue can be exploited remotely, and public disclosures of the exploit exist...

CVE-2024-2168

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

CVE-2024-2168

CVE-2024-2168 pertains to SourceCodester Online Tours & Travels Management System 1.0. Affects an unknown function in the file /admin/operations/expense_category.php on the HTTP POST Request Handler, where manipulating the status argument triggers a SQL injection. The vulnerability allows remote ...

CVE-2024-2168 SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

CVE-2024-1196

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site...

CVE-2024-1196 SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site...

The vulnerability of the POST Request Handler component in Trendnet’s microprogrammed routing software TEW-800MB allows a attacker to execute arbitrary commands.

The vulnerability of the POST Request Handler component in Trendnet’s TEW-800MB router software lies in insufficient validation of the DeviceURL parameter used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cause service...

The vulnerability of the /admin_ping.htm file of the POST Request Handler component in the microprogramming software for Trendnet TEW-822DRE allows a attacker to execute arbitrary commands.

The vulnerability of the /adminping.htm file of the POST Request Handler component in the microprogramming system of the Trendnet TEW-822DRE router lies in the insufficient checking of the ipv4ping/ipv6ping argument passed in the command. Exploiting this vulnerability allows a remote attacker to...

CVE-2024-0920

A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /adminping.htm of the component POST Request Handler. The manipulation of the argument ipv4ping/ipv6ping leads to command injection. The attack can be...

CVE-2024-0918

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...