148 matches found
PT-2023-15569 · Unknown · Tramyardg Hotel-Mgmt-System
Name of the Vulnerable Software and Affected Versions: Tramyardg hotel-mgmt-system version 2022.4 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It can be exploited via the process update profile.php file. Recommendations: For Tramyardg hotel-mgmt-system version 2022.4,...
CVE-2022-48091
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting XSS via processupdateprofile.php...
Sql injection
A vulnerability was found in barronwaffles dwcnetworkserveremulator. It has been declared as critical. This vulnerability affects the function updateprofile of the file gamespy/gsdatabase.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated...
dwc_network_server_emulator SQL注入漏洞
dwcnetworkserveremulator is a Nintendo DS and Wii online multiplayer server emulator by barronwaffles individual developer. An SQL injection vulnerability exists in dwcnetworkserveremulator, which stems from a problem with the function updateprofile in the file gamespy/gsdatabase.py, where...
PT-2022-9025 · Unknown · Dwc Network Server Emulator
Name of the Vulnerable Software and Affected Versions: barronwaffles dwc network server emulator affected versions not specified Description: A critical issue has been found in the dwc network server emulator, affecting the update profile function in the file gamespy/gs database.py. The...
CVE-2022-43050
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-26730 · Unknown · Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the update profile.php component. This allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-38351
A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...
CVE-2022-38351
A vulnerability in Suprema BioStar aka Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page...
PT-2022-24382 · Suprema · Suprema Biostar 2
Name of the Vulnerable Software and Affected Versions: Suprema BioStar aka Bio Star 2 version 2.8.16 Description: A vulnerability in the software allows attackers to escalate privileges to System Administrator via a crafted PUT request to the "update profile page" API endpoint. This issue enables...
CVE-2021-41651
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in processupdateprofile.php...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
CVE-2021-25791
Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...
CVE-2021-25791
Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...
Cross site scripting
Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...
CVE-2021-25791
Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...
CVE-2021-25791
CVE-2021-25791 affects Online Doctor Appointment System 1.0 and describes multiple stored XSS in the Update Profile module. Vulnerable component: First Name, Last Name, and Address fields where user input is stored and later rendered. Impact: authenticated users can execute arbitrary web scripts ...
Online Doctor Appointment System 跨站脚本漏洞
Online Doctor Appointment System is an online doctor appointment system developed using PHP, JavaScript and CSS. A cross-site scripting vulnerability exists in Online Doctor Appointment System 1.0 that allows an authenticated attacker to execute arbitrary web script or HTML via a crafted payload ...
Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS
Exploit Title: Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2021-01-08 Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html Software Link:...
CVE-2020-36155
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wpcapabilities user meta that defines a user's role. During the registration...