11 matches found
PT-2026-2423
Name of the Vulnerable Software and Affected Versions: Social-Share-Buttons version 2.2.3 Description: The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...
CVE-2024-10423
A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/projectselection/projectselection.php of the component Project Selection Page. The manipulation of the argument projectid lead...
WordPress plugin WP Project Manager SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-16268 · Unknown · Project Worlds Student Project Allocation System
Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0 Description: A critical issue was found in the Project Selection Page component, specifically in the /student/project selection/project selection.php file. The manipulation of the...
RuvarOA security vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the projectid parameter in the /ProjectManage/pmgattinc.aspx file against externally entered SQL statements. An attacker can exploi...
PT-2024-20987 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the project id parameter at the "/ProjectManage/pm gatt inc.aspx" API endpoint. This allows for potential exploitation. No information is provided about...
CVE-2024-25222
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...
SUSE CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
Insecure Storage of Sensitive Information
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information via the manageprojeditpage.php parameter. An attacker can retrieve private project names without proper access rights by manipulating the projectid...
MantisBT access control error vulnerability
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. An access control error vulnerability exists in MantisBT versions prior to 2.24.4, which stems from the fact th...
DEBIAN-CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...