CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/12/29 1:15 a.m.•14 views

CVE-2023-7144

9.8CVSS0.00568EPSS

Prion•added 2023/12/29 1:15 a.m.•14 views

Sql injection

5.8CVSS7.8AI score0.00568EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/12/29 1:0 a.m.•10 views

CVE-2023-7144 gopeak MasterLab HTTP POST Request Feature.php sqlInject sql injection

6.3CVSS7.7AI score0.00568EPSS

CVE•added 2023/12/29 1:0 a.m.•43 views

CVE-2023-7144

The CVE-2023-7144 entry concerns gopeak MasterLab versions up to 3.3.10, specifically the HTTP POST Request Handler’s component and the sqlInject function in app/ctrl/framework/Feature.php. The vulnerability arises from improper handling of the pwd argument, enabling SQL injection. Public exploit...

9.8CVSS7.5AI score0.00568EPSS

Exploits0References3Affected Software1

NVD•added 2023/12/28 11:15 p.m.•12 views

CVE-2023-7139

A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql...

9.8CVSS0.00644EPSS

CVE•added 2023/12/28 10:31 p.m.•54 views

CVE-2023-7139

The CVE-2023-7139 entry affects the code-projects Client Details System 1.0 . A vulnerability exists in the file /admin/regester.php of the HTTP POST Request Handler where manipulation of the arguments fname , lname , email , and contact leads to an SQL injection . The vulnerability has been disc...

9.8CVSS7.4AI score0.00644EPSS

OSV•added 2023/12/28 10:15 p.m.•3 views

CVE-2023-7137

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been...

8.8CVSS5.7AI score0.17026EPSS

Exploits4References3

NVD•added 2023/12/28 10:15 p.m.•43 views

CVE-2023-7137

8.8CVSS0.17026EPSS

Exploits4References3

NVD•added 2023/12/28 10:15 p.m.•23 views

CVE-2023-7138

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to...

8.8CVSS0.00701EPSS

Prion•added 2023/12/28 10:15 p.m.•22 views

Sql injection

5.8CVSS7.7AI score0.00701EPSS

Prion•added 2023/12/28 10:15 p.m.•19 views

Sql injection

5.8CVSS7.7AI score0.17026EPSS

Exploits4References3Affected Software1

CVE•added 2023/12/28 9:31 p.m.•60 views

CVE-2023-7137

CVE-2023-7137 affects code-projects Client Details System 1.0. Multiple connected documents confirm a SQL injection in the HTTP POST Request Handler via the uemail parameter (in /clientdetails/), with the vulnerable software version reported as 1.0. The issue is described as critical, with exploi...

8.8CVSS7.7AI score0.17026EPSS

Exploits4References3Affected Software1

OSV•added 2023/12/28 6:15 p.m.•13 views

CVE-2023-7133

A vulnerability was found in yproject RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0malert1p86o0 leads to cross site...

6.1CVSS6.4AI score

NVD•added 2023/12/28 6:15 p.m.•21 views

CVE-2023-7133

6.1CVSS0.00679EPSS

Prion•added 2023/12/28 6:15 p.m.•14 views

Cross site scripting

5CVSS6.6AI score0.00679EPSS

CVE•added 2023/12/28 5:31 p.m.•46 views

CVE-2023-7133

CVE-2023-7133 affects y_project RuoYi 4.7.8. The vulnerability is a cross-site scripting flaw in the HTTP POST login handler, caused by manipulating the rememberMe parameter with input like falsen3f0mp86o0. Attacker can exploit remotely; the exploit has been disclosed. Root cause centers on impro...

6.1CVSS5.2AI score0.00679EPSS

OSV•added 2023/12/27 4:15 p.m.•15 views

CVE-2023-7116

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...

9.8CVSS7.5AI score

NVD•added 2023/12/27 4:15 p.m.•11 views

CVE-2023-7116

9.8CVSS0.09901EPSS

Prion•added 2023/12/27 4:15 p.m.•13 views

Command injection

6.5CVSS7.8AI score0.09901EPSS