PT-2023-29426 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the wrong parameter of the "update.php" endpoint does not validate the characters received and they are sent...

PT-2023-29424 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the time parameter of the "update.php" resource does not validate the characters received and they are sent...

CVE-2023-45120

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database...

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Online Examination System v1.0, which stems from the "desc" parameter of update.php that does not validate incoming characters and sends them to...

PT-2023-29417 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the fdid parameter of the "/update.php" resource does not validate the characters received, and they are...

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. Projectworlds Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the "eid" parameter of update.php not validating received characters and sending them to the...

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Online Examination System v1.0, which originates from the "email" parameter of update.php that does not validate incoming characters and sends th...

CVE-2023-38557

A vulnerability has been identified in Spectrum Power 7 All versions V23Q3. The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

CVE-2023-38557

A vulnerability has been identified in Spectrum Power 7 All versions V23Q3. The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

Improper access control

A vulnerability has been identified in Spectrum Power 7 All versions V23Q3. The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

CVE-2023-38557

A vulnerability has been identified in Spectrum Power 7 All versions V23Q3. The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

CVE-2023-4436

A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/editupdate.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated...

Online Reviewer System SQL注入漏洞

Online Reviewer System is a software application. An online reviewer system. A SQL injection vulnerability exists in SourceCodester Online Reviewer System version 1.0, which stems from a problem in the file /reviewer/system/system/admins/manage/users/user-update.php, where an operation on the...

PT-2023-10210 · Unknown · Purpleparrots 491-Project

Name of the Vulnerable Software and Affected Versions: purpleparrots 491-Project affected versions not specified Description: A critical issue was found in the Highscore Handler component of the file update.php, leading to sql injection. The estimated number of potentially affected devices...

UBUNTU-CVE-2022-39370

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

CVE-2022-39370 Improper access to debug panel in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

CVE-2022-39370

CVE-2022-39370 affects GLPI. The issue allows connected users to gain access to the debug panel via the GLPI update script. It has been patched; upgrade to 10.0.4 is recommended. As a workaround, delete the install/update.php script. Public details in the initial description indicate mitigation t...

CVE-2022-39370 Improper access to debug panel in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

PT-2022-7399 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue is related to the GLPI update script, which allows connected users to gain access to the debug panel. This could potentially allow a remote attacker to impact the system's integrity. The...