
253 matches found

CNNVD
added 2023/12/13 12:00 a.m., 1 view

IceCMS Security Vulnerability

IceCMS is a content management system by individual developer NgShow, based on Spring Boot and Vue with front-end and back-end separation. A security vulnerability exists in Thecosy IceCMS version 2.0.1, which stems from the presence of unknown code in the application that can be exploited by an attacke...

CVSS 6.5, AI score 6.9, EPSS 0.00641
Exploits: 1, References: 4

CNNVD
added 2023/10/06 12:00 a.m., 3 views

WordPress Plugin Easy2Map Photos SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Easy2Map Photos version...

CVSS 9.8, AI score 8.2, EPSS 0.005
Exploits: 0, References: 4

CNNVD
added 2023/09/15 12:00 a.m., 3 views

App1pro Shopicial Cross-Site Scripting Vulnerability

App1pro Shopicial is a social forum software from App1pro, Inc. App1pro Shopicial suffers from a cross-site scripting vulnerability that stems from the presence of unknown code in file search that results in cross-site scripting...

CVSS 6.1, AI score 6.2, EPSS 0.0042
Exploits: 0, References: 4

NVD
added 2023/09/09 12:15 p.m., 8 views

CVE-2023-4851

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 9.8, AI score 7.5, EPSS 0.00649
Exploits: 1, References: 3

CNNVD
added 2023/07/16 12:00 a.m., 2 views

Bylancer QuickAI OpenAI SQL Injection Vulnerability

Bylancer QuickAI OpenAI is an artificial intelligence writing assistant and content creator from Bylancer. Bylancer QuickAI OpenAI version 3.8.1 suffers from a SQL injection vulnerability that stems from the presence of unknown code in the file /blog in the component GET Parameter Handler, which...

CVSS 9.8, AI score 7.1, EPSS 0.00425
Exploits: 0, References: 3

NVD
added 2023/07/10 4:15 p.m., 10 views

CVE-2023-3562

A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this...

CVSS 6.1, AI score 4.7, EPSS 0.00442
Exploits: 0, References: 2

Cvelist
added 2023/06/14 7:31 a.m., 26 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

CVSS 6.3, AI score 9.7, EPSS 0.00932
Exploits: 1, References: 3

Vulnrichment
added 2023/06/14 7:31 a.m., 13 views

CVE-2023-3237 OTCMS hard-coded password

A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...

CVSS 6.3, AI score 6.9, EPSS 0.00932
Exploits: 1, References: 3

CNNVD
added 2023/06/06 12:00 a.m., 3 views

Dahua Smart Parking Management Code Issue Vulnerability

Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...

CVSS 4.6, AI score 5, EPSS 0.00461
Exploits: 1, References: 4

OSV
added 2023/06/02 1:15 p.m., 2 views

CVE-2023-3058

A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the publi...

CVSS 5.4, AI score 3.7, EPSS 0.00564
Exploits: 1, References: 3

CNNVD
added 2023/06/02 12:00 a.m., 2 views

YFCMF Security Vulnerability

YFCMF is a software application. It provides a lightweight enterprise website management system. A security vulnerability exists in YFCMF before 3.0.4, which stems from unknown code in index.php that causes path traversal...

CVSS 9.8, AI score 5.8, EPSS 0.01208
Exploits: 1, References: 4

CNNVD
added 2023/06/01 12:00 a.m., 2 views

Guangdong Pythagorean OA Office System Cross-Site Request Forgery Vulnerability

Guangdong Pythagorean OA Office System (Gougu OA) is a practical enterprise office system from the Chinese open source project Gouguopen. A cross-site request forgery vulnerability exists in Guangdong Pythagorean OA Office System versions prior to 4.50.31. The vulnerability stems from the...

CVSS 8.8, AI score 5.6, EPSS 0.00437
Exploits: 1, References: 4

OSV
added 2023/05/17 8:15 p.m., 1 view

CVE-2023-2776

A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability...

CVSS 9.8, AI score 6.3, EPSS 0.0072
Exploits: 0, References: 3

OSV
added 2023/05/11 3:15 p.m., 1 view

CVE-2023-2660

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file viewcategories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit ha...

CVSS 6.3, AI score 6.6, EPSS 0.0082
Exploits: 1, References: 3

OSV
added 2023/04/22 5:15 p.m., 3 views

CVE-2023-2245

A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 6.3, AI score 6.3, EPSS 0.01283
Exploits: 1, References: 3

OSV
added 2023/04/05 9:15 a.m., 3 views

CVE-2023-1860

A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"alert%27c4ng4c3ir0%27 leads to cross site scripting. The attack can be...

CVSS 6.1, AI score 3.7, EPSS 0.00388
Exploits: 0, References: 2

NVD
added 2023/03/29 10:15 a.m., 22 views

CVE-2023-1689

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=saveearning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...

CVSS 6.1, AI score 4.6, EPSS 0.00363
Exploits: 0, References: 2

Prion
added 2023/03/22 1:15 p.m., 16 views

Cross site scripting

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to...

CVSS 1.4, AI score 5.3, EPSS 0.00542
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2023/03/12 8:15 a.m., 2 views

CVE-2023-1359

A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument UNAME leads ...

CVSS 4.8, AI score 3.6, EPSS 0.00604
Exploits: 1, References: 3

OSV
added 2023/02/23 4:15 p.m., 1 view

CVE-2023-0987

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 5.4, AI score 3.8
Exploits: 0, References: 3