69 matches found

OSV
added 2024/09/22 9:15 p.m. · 3 views

CVE-2024-9086

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 · AI score 6.4 · EPSS 0.00572
Exploits: 1 · References: 5

Vulnrichment
added 2024/09/22 9:0 p.m. · 13 views

CVE-2024-9086 code-projects Restaurant Reservation System filter.php sql injection

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 · AI score 7.3 · EPSS 0.00572
Exploits: 1 · References: 5

Positive Technologies
added 2024/09/22 12:0 a.m. · 7 views

PT-2024-39420 · Unknown · Code-Projects Restaurant Reservation System

Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Reservation System version 1.0 Description: A critical issue has been found in the code-projects Restaurant Reservation System. The manipulation of the from and to arguments in the /filter.php file leads to SQL...

CVSS 9.8 · AI score 7.2 · EPSS 0.00572
Exploits: 1 · References: 11

Positive Technologies
added 2024/07/22 12:0 a.m. · 7 views

PT-2024-38007 · Sourcecodester · Sourcecodester Clinics Patient Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A critical issue has been discovered, affecting the /print patients visits.php file. The from/to argument is vulnerable to SQL injection, which can be exploited remotel...

CVSS 7.5 · AI score 6.7 · EPSS 0.00417
Exploits: 1 · References: 8

OSV
added 2024/02/05 10:16 p.m. · 7 views

CVE-2024-0834

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS 5.4 · AI score 6 · EPSS 0.00531
Exploits: 0 · References: 3

CNNVD
added 2024/02/05 12:0 a.m. · 5 views

WordPress plugin Elementor Addon Elements security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.4 · AI score 6.1 · EPSS 0.00531
Exploits: 0 · References: 4

Positive Technologies
added 2023/12/29 12:0 a.m. · 3 views

PT-2023-30897 · Unknown · Railway Reservation System

Name of the Vulnerable Software and Affected Versions: Railway Reservation System version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the to parameter of the "reservation.php" resource does not validate the characters received, and they are se...

AI score 8
Exploits: 0 · References: 3

OSV
added 2023/11/30 4:15 p.m. · 4 views

CVE-2023-6360

The 'My Calendar' WordPress Plugin, version 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route...

CVSS 9.8 · AI score 5.8 · EPSS 0.63141
Exploits: 1 · References: 1

Positive Technologies
added 2023/11/30 12:0 a.m. · 7 views

PT-2023-7555 · WordPress · Wordpress Calendar Plugin

Name of the Vulnerable Software and Affected Versions: My Calendar WordPress Plugin version 3.4.22 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability is present in the from and to parameters in the "/my-calendar/v1/events" rest route. It allows...

CVSS 10 · AI score 9.7 · EPSS 0.63141
Exploits: 1 · References: 9

CNNVD
added 2023/11/27 12:0 a.m. · 5 views

Mattermost input validation error vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an open redirect vulnerability that occurs when a user clicks "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/service/mobilelogin?redirectto=, which...

CVSS 6.1 · AI score 6.6 · EPSS 0.00403
Exploits: 0 · References: 1

OSV
added 2023/07/16 11:15 a.m. · 3 views

CVE-2023-3684

A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/deDE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...

CVSS 6.1 · AI score 4.8 · EPSS 0.00279
Exploits: 0 · References: 2

Positive Technologies
added 2023/03/22 12:0 a.m. · 3 views

PT-2023-17084 · Sourcecodester · Student Study Center Desk Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown function of the file /admin/reports/index.php, specifically the GET Parameter Handler component...

CVSS 5.4 · AI score 4.3 · EPSS 0.00646
Exploits: 1 · References: 4

CNNVD
added 2023/03/22 12:0 a.m. · 4 views

Student Study Center Desk Management System cross-site scripting vulnerability

Student Study Center Desk Management System is a student study center desk management system. A cross-site scripting vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which stems from a problem in the file /admin/reports/index.php, where manipulation ...

CVSS 5.4 · AI score 4 · EPSS 0.00646
Exploits: 1 · References: 4

CNNVD
added 2023/03/17 12:0 a.m. · 2 views

Student Study Center Desk Management System SQL injection vulnerability

Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which originates from a security issue in the admin/?page=reports&datefrom=2023-02-17& of t...

CVSS 9.8 · AI score 7 · EPSS 0.00541
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:47 a.m. · 4 views

SUSE CVE-2012-2139

Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. dot dot in the to parameter...

CVSS 5 · AI score 6.9 · EPSS 0.04923
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 4:24 a.m. · 4 views

SUSE CVE-2018-16745

An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...

CVSS 2.9 · AI score 7.4 · EPSS 0.00448
Exploits: 2 · References: 9

CNNVD
added 2022/08/06 12:0 a.m. · 3 views

Expense Management System SQL injection vulnerability

Expense Management System is an expense management system by Carlo Montero Personal Developer. SourceCodester Expense Management System suffers from a SQL injection vulnerability that originates in the report.php component where the POST parameter handler of the fetchreportcredit function operate...

CVSS 9.8 · AI score 8.5 · EPSS 0.00466
Exploits: 0 · References: 2

OSV
added 2022/02/14 12:15 p.m. · 4 views

CVE-2021-25033

The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...

CVSS 6.1 · AI score 5.8 · EPSS 0.02682
Exploits: 2 · References: 2

CNNVD
added 2021/09/12 12:0 a.m. · 8 views

Github Clearance input validation error vulnerability

Github Clearance is using email and password for Rails authentication. An input validation error vulnerability exists in clearance, which stems from the fact that if the value used for returnto contains multiple leading slashes //////example.com, the user ends up being redirected to an external...

CVSS 7.6 · AI score 6.9 · EPSS 0.00675
Exploits: 0 · References: 3

OSV
added 2020/07/07 7:15 p.m. · 2 views

CVE-2019-20896

WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.0099
Exploits: 0 · References: 1