Lucene search
K

243720 matches found

Nuclei
Nuclei
added yesterday55 views

Garage Management System 1.0 - SQL Injection

Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input [email protected]' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execut...

9.8CVSS7.3AI score0.03384EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday40 views

Purchase Order Management v1.0 - Cross Site Scripting (Reflected)

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...

6.1CVSS6.3AI score0.0125EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday44 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...

6.5CVSS6.8AI score0.01926EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday84 views

Masa CMS - Authentication Bypass

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.2AI score0.06253EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday53 views

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

9.8CVSS7.3AI score0.09621EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday32 views

Microfinance Management System 1.0 - SQL Injection

Microfinance Management System 1.0 is susceptible to SQL Injection. id: CVE-2022-27927 info: name: Microfinance Management System 1.0 - SQL Injection author: lucasljm2001,ekrause severity: critical description: | Microfinance Management System 1.0 is susceptible to SQL Injection. impact: |...

9.8CVSS7.2AI score0.13829EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday40 views

College Management System 1.0 - SQL Injection

College Management System 1.0 contains a SQL injection vulnerability via the course code parameter. id: CVE-2022-28079 info: name: College Management System 1.0 - SQL Injection author: ritikchaddha severity: high description: | College Management System 1.0 contains a SQL injection vulnerability...

8.8CVSS7.3AI score0.28826EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday61 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-base...

6.1CVSS6.4AI score0.03345EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday61 views

WordPress KiviCare <2.3.9 - SQL Injection

WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...

9.8CVSS7.3AI score0.12619EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday28 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. id: CVE-2021-27316 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind SQ...

7.5CVSS7.1AI score0.07826EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday82 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

7.5CVSS7.1AI score0.09299EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday29 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. id: CVE-2021-27315 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind...

7.5CVSS7.1AI score0.07826EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday45 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS5.8AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday49 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS7.2AI score0.208EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday44 views

Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting

Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter. id: CVE-2021-46005 info: name: Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting author: cckuailong severity: medium description: Sourcecodester Car...

5.4CVSS6AI score0.02915EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday44 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0. id: CVE-2021-27124 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: medium description: | SQL injection in the expertise parameter in searchresult.php in Doctor...

6.5CVSS6.7AI score0.05721EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday38 views

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

6.1CVSS6.6AI score0.0552EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday55 views

Car Rental Management System 1.0 - Local File Inclusion

Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion author:...

9.8CVSS7.4AI score0.16822EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday48 views

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

9.8CVSS6.9AI score0.15652EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday56 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32022...

7.2CVSS7.1AI score0.04879EPSS
Exploits1References3
Rows per page
Query Builder