CVE-2024-1198 openBI Phar User.php addxinzhi deserialization

A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the atta...

CVE-2024-1198 openBI Phar User.php addxinzhi deserialization

A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the atta...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched...

CVE-2024-1111 SourceCodester QR Code Login System add-user.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched...

CVE-2023-7159 gopeak MasterLab User.php update unrestricted upload

A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. T...

CVE-2023-7147

CVE-2023-7147 affects gopeak MasterLab up to 3.3.10. The vulnerability is in the function base64ImageContent in app/ctrl/User.php; manipulation of the image argument allows unrestricted file upload and can be triggered remotely. No exploit details are provided in the documents. Remediation/status...

PT-2023-32914 · Unknown · Gopeak Masterlab

Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the function add/update of the file app/ctrl/admin/User.php, where the manipulation of the avatar argument leads to unrestricted upload. This issue can be...

Sql injection

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manageuser.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...

PT-2023-31032 · Klive · Klive

Name of the Vulnerable Software and Affected Versions: 32ns KLive versions 2019-1-19 and earlier Description: The issue allows a remote attacker to obtain sensitive information via a crafted script to the "web/user.php" component. This is achieved through a SQL Injection attack, which enables the...

CVE-2023-43014

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

Sql injection

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

CVE-2023-43014

CVE-2023-43014 relates to Asset Management System v1.0 with an authenticated SQL Injection in the fields “first_name” and “last_name” on the user.php page. The underlying issue is improper input handling that enables an authenticated attacker to dump the database contents. Documented impact is hi...

CVE-2023-43014 Asset Management System v1.0 - Authenticated SQL Injection (SQLi)

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

Impress CMS 1.3.9 Open Redirection

==================================================================================================================================== | Title : impress CMS v1.3.9 Open Redirect vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

Sql injection

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to...

emlog SQL Injection Vulnerability

emlog is a PHP and MySQL based CMS builder for emlog personal developers. A SQL injection vulnerability exists in emlog version 2.1.9, which stems from the lack of validation of externally entered SQL statements in the file /admin/user.php. An attacker can exploit this vulnerability to execute...

Sql injection

emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...

CVE-2023-39121

emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...

CVE-2023-39121

CVE-2023-39121 affects emlog version 2.1.9. A SQL injection vulnerability exists in emlog’s admin/user.php handling and also, per the Nuclei template, in the data backup/restore functionality due to unsanitized input. Impact: attackers with admin credentials could potentially execute arbitrary SQ...

CVE-2023-39121

emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...