69 matches found
CVE-2024-9086
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-9086 code-projects Restaurant Reservation System filter.php sql injection
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2024-39420 · Unknown · Code-Projects Restaurant Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Reservation System version 1.0 Description: A critical issue has been found in the code-projects Restaurant Reservation System. The manipulation of the from and to arguments in the /filter.php file leads to SQL...
PT-2024-38007 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A critical issue has been discovered, affecting the /print patients visits.php file. The from/to argument is vulnerable to SQL injection, which can be exploited remotel...
CVE-2024-0834
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
WordPress plugin Elementor Addon Elements security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-30897 · Unknown · Railway Reservation System
Name of the Vulnerable Software and Affected Versions: Railway Reservation System version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the to parameter of the "reservation.php" resource does not validate the characters received, and they are se...
CVE-2023-6360
The 'My Calendar' WordPress Plugin, version 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route...
PT-2023-7555 · WordPress · Wordpress Calendar Plugin
Name of the Vulnerable Software and Affected Versions: My Calendar WordPress Plugin version 3.4.22 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability is present in the from and to parameters in the "/my-calendar/v1/events" rest route. It allows...
Mattermost 输入验证错误漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an open redirect vulnerability that occurs when a user clicks "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/service/mobilelogin?redirectto=, which...
CVE-2023-3684
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/deDE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
PT-2023-17084 · Sourcecodester · Student Study Center Desk Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown function of the file /admin/reports/index.php, specifically the GET Parameter Handler component...
Student Study Center Desk Management System 跨站脚本漏洞
Student Study Center Desk Management System is a student study center desk management system. A cross-site scripting vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which stems from a problem in the file /admin/reports/index.php, where manipulation ...
Student Study Center Desk Management System SQL注入漏洞
Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which originates from a security issue in the admin/?page=reports&datefrom=2023-02-17& of t...
SUSE CVE-2012-2139
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. dot dot in the to parameter...
SUSE CVE-2018-16745
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it...
Expense Management System SQL注入漏洞
Expense Management System is an expense management system by Carlo Montero Personal Developer. SourceCodester Expense Management System suffers from a SQL injection vulnerability that originates in the report.php component where the POST parameter handler of the fetchreportcredit function operate...
CVE-2021-25033
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue...
Github Clearance 输入验证错误漏洞
Github Clearance is using email and password for Rails authentication. An input validation error vulnerability exists in clearance, which stems from the fact that if the value used for returnto contains multiple leading slashes //////example.com, the user ends up being redirected to an external...
CVE-2019-20896
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter...