243720 matches found
Garage Management System 1.0 - SQL Injection
Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...
Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...
LMS by Masteriyo < 1.6.8 - Information Exposure
The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...
Masa CMS - Authentication Bypass
Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
School Dormitory Management System 1.0 - SQL Injection
School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...
Microfinance Management System 1.0 - SQL Injection
Microfinance Management System 1.0 is susceptible to SQL Injection. id: CVE-2022-27927 info: name: Microfinance Management System 1.0 - SQL Injection author: lucasljm2001,ekrause severity: critical description: | Microfinance Management System 1.0 is susceptible to SQL Injection. impact: |...
College Management System 1.0 - SQL Injection
College Management System 1.0 contains a SQL injection vulnerability via the course code parameter. id: CVE-2022-28079 info: name: College Management System 1.0 - SQL Injection author: ritikchaddha severity: high description: | College Management System 1.0 contains a SQL injection vulnerability...
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting
School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-base...
WordPress KiviCare <2.3.9 - SQL Injection
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. id: CVE-2021-27316 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind SQ...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...
Doctor Appointment System 1.0 - SQL Injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. id: CVE-2021-27315 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind...
ehicle Service Management System 1.0 - Cross-Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting
Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter. id: CVE-2021-46005 info: name: Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting author: cckuailong severity: medium description: Sourcecodester Car...
Doctor Appointment System 1.0 - SQL Injection
SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0. id: CVE-2021-27124 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: medium description: | SQL injection in the expertise parameter in searchresult.php in Doctor...
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...
Car Rental Management System 1.0 - Local File Inclusion
Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion author:...
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32022...