262 matches found
SQL injection
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete...
CVE-2022-29981
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete...
CVE-2022-28410
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=deleteagent...
SQL injection
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=deleteagent...
CVE-2022-26293
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function saveemployee at /ptms/classes/Users.php...
SQL injection
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function saveemployee at /ptms/classes/Users.php...
Victor CMS users.php SQL injection vulnerability
Victor CMS is an open source content management system by the individual developer Victor Alagwu in Nigeria. Victor CMS has a SQL injection vulnerability in v1.0, which stems from the lack of validation of externally entered SQL statements in database-based applications. An attacker could...
CVE-2021-46459
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=adduser. These vulnerabilities can be exploited through a crafted POST request via the username, userfirstname, userlastname, or useremail parameters...
CVE-2021-46459
CVE-2021-46459 affects Victor CMS v1.0. Multiple SQL injection vulnerabilities exist in the admin/users.php?source=add_user component, exploitable via crafted POST requests to parameters user_name, user_firstname, user_lastname, or user_email. Root cause stated: lack of input validation in SQL st...
CVE-2021-44949
glFusion CMS 1.7.9 is affected by an access control vulnerability via /publichtml/users.php...
Improper access control
glFusion CMS 1.7.9 is affected by an access control vulnerability via /publichtml/users.php...
CVE-2021-44937
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /publichtml/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied...
GlFusion Cms authorization issue vulnerability
GlFusion Cms is a content management and publishing system. glFusion CMS v1.7.9 is vulnerable to an authorization issue, which can be exploited by attackers via /publichtml/users.php...
CVE-2021-40261
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...
miniOrange's Google Authenticator < 5.4.40 - Reflected Cross-Site Scripting
The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="alert/XSS/...
CVE-2021-3294
CVE-2021-3294 concerns the CASAP Automated Enrollment System 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in users.php, arising from insufficient validation of user data in the “First Name” field, enabling an attacker to steal cookies and redirect victims to a malicious site. Pub...
Nagios XI users.php do_update_user Stored Cross-Site Scripting
A stored cross-site scripting vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of the phone parameter in users.php...