PT-2024-30139 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: A Reflected Cross Site Scripting (XSS) issue was found in the "/core/signup user.php" endpoint of the system, allowing remote attackers to execute arbitrary code via the user fname and...
PT-2024-30141 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: A Stored Cross Site Scripting (XSS) issue was found in the "/core/signup user.php" endpoint, allowing remote attackers to execute arbitrary code via the user email parameter...
Kashipara Hotel Management System security vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...
Kashipara Music Management System security vulnerability
Kashipara Music Management System is a music management system from Kashipara. A file upload vulnerability exists in Kashipara Music Management System version 1.0, which stems from the lack of validation of uploaded files in /music/ajax.php?action=signup, and can be exploited by an attacker to...
PT-2024-30148 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System, which allows attackers to execute arbitrary code via...
CVE-2024-7946
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument user leads to sql injection. The attack ma...
CVE-2024-7946 itsourcecode Online Blood Bank Management System User Signup register.php sql injection
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file register.php of the component User Signup. The manipulation of the argument user leads to sql injection. The attack ma...
CVE-2024-7946
CVE-2024-7946 affects itsourcecode Online Blood Bank Management System 1.0. The vulnerability lies in the User Signup component, specifically the register.php file, where the argument user can be manipulated to cause SQL injection. This allows remote attacks and, per sources, the exploit has been...
Online Blood Bank Management System SQL injection vulnerability
Online Blood Bank Management System is an open source online blood bank management system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Online Blood Bank Management System version 1.0, which originates from a SQL injection vulnerability in the User Signup component of the...
CVE-2024-7929 SourceCodester Simple Forum Website Signup Page registration.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. This affects an unknown part of the file /registration.php of the component Signup Page. The manipulation of the argument username leads to cross site scripting. It is possible to initiate...
CVE-2024-7321
A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross site scripting. The attack c...
PT-2024-38266 · Unknown · Itsourcecode Online Blood Bank Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Blood Bank Management System version 1.0 Description: A problematic issue was found in the itsourcecode Online Blood Bank Management System, affecting the User Registration Handler component, specifically the file...
ItSourceCode Stored XSS via User Registration
Stored XSS in Online Blood Bank Management System V1.0...
CVE-2024-5665
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-5665
CVE-2024-5665 affects the Login/Signup Popup (Inline Form + Woocommerce) WordPress plugin. In versions 2.7.1–2.7.2, export_settings is missing a capability check, enabling authenticated users with Subscriber-level access and above to read arbitrary options on affected sites. The vulnerability is ...
WordPress Login/Signup Popup ( Inline Form + Woocommerce ) plugin <= 2.7.2 - Missing Authorization to Arbitrary Options Exposure vulnerability
Missing Authorization to Arbitrary Options Exposure vulnerability discovered by 1337Wannabe in WordPress Plugin Login/Signup Popup versions <= 2.7.2...
CVE-2024-5324
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...