Lucene search
K

75 matches found

OSV
OSV
added 2024/08/21 6:15 p.m.2 views

CVE-2024-42786

A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...

8.8CVSS6AI score0.00569EPSS
Exploits1References2
NVD
NVD
added 2024/08/21 6:15 p.m.18 views

CVE-2024-42786

A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...

8.8CVSS0.00569EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/21 12:0 a.m.18 views

CVE-2024-42786

A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...

0.00569EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.4 views

PT-2024-30158 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/view user.php" endpoint allows an attacker to execute arbitrary SQL commands via the id parameter of the View User Profile Page. This could...

8.8CVSS8.2AI score0.00569EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.4 views

Kashipara Music Management System 安全漏洞

Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/viewuser.php against external SQL input, and can be exploited...

8.8CVSS8.1AI score0.00569EPSS
Exploits1References3
CVE
CVE
added 2024/08/21 12:0 a.m.50 views

CVE-2024-42786

Affected software/version: Kashipara Music Management System v1.0. Component/endpoint: /music/view_user.php (View User Profile Page) vulnerable via the id parameter. Root cause: lack of validation/external SQL input leading to SQL injection. Impact: attacker can execute arbitrary SQL commands, po...

8.8CVSS8.6AI score0.00569EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/05/01 5:30 a.m.220 views

CVE-2024-27017

CVE-2024-27017 affects the Linux kernel netfilter nft_set_pipapo backend. The issue arises when a generation mask is updated during an in-progress netlink dump, causing the read/update walk iterator to potentially infer the wrong view of the data structure. The advisory notes this vulnerability i...

5.5CVSS6.3AI score0.00277EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2024/04/17 6:15 p.m.3 views

CVE-2024-30982

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...

9.8CVSS6AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.16 views

CVE-2024-30982

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...

8.3AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2024/04/17 12:0 a.m.62 views

CVE-2024-30982

CVE-2024-30982 describes a SQL injection in the phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0, exploitable via the upid parameter in /view-user-detail.php to run arbitrary SQL. Reported impact includes potential data exposure/modification. Mitigation from PT-2024-23704 suggests di...

9.8CVSS8.3AI score0.00503EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.7 views

PT-2024-23704 · Unknown · Phpgurukul Cyber Cafe Management System

Name of the Vulnerable Software and Affected Versions: phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the upid parameter in the "/view-user-detail.php" file. This enables attackers to potentially...

9.8CVSS8AI score0.00503EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.5 views

WisdomGarden Tronclass ilearn Security Breach

WisdomGarden Tronclass ilearn is a teaching platform from WisdomGarden. A security vulnerability exists in WisdomGarden Tronclass ilearn. The vulnerability stems from the uploading of files without proper privilege control, which allows a remote attacker to log in with general privileges, change...

6.5CVSS6.8AI score0.00855EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/27 8:22 p.m.15 views

CVE-2023-40137

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00091EPSS
Exploits0References2
NVD
NVD
added 2023/05/17 1:15 p.m.46 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS7.8AI score0.04312EPSS
Exploits5References2
Prion
Prion
added 2023/05/17 1:15 p.m.18 views

Sql injection

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

5.8CVSS7.7AI score0.04312EPSS
Exploits5References2Affected Software1
GithubExploit
GithubExploit
added 2023/05/17 6:27 a.m.7 views

Exploit for SQL Injection in Escanav Escan_Management_Console

eScan Management Console 14.0.1400.2281 - SQL Injection Auth...

7.2CVSS8.6AI score0.04312EPSS
Exploits5
Cvelist
Cvelist
added 2023/05/17 12:0 a.m.42 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

8AI score0.04312EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.6 views

PT-2023-23422 · Microworld · Microworld Escan Management Console

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Management Console version 14.0.1400.2281 Description: The issue allows a remote attacker to perform SQL injection in the View User Profile feature, enabling them to dump the entire database and gain a Windows XP command shel...

7.2CVSS8.8AI score0.04312EPSS
Exploits5References9
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.3 views

Rockwell Automation ArmorStart ST 跨站脚本漏洞

Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view user data and modify the web...

5.9CVSS6.1AI score0.0062EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:15 p.m.5 views

CVE-2022-35293

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

9.1CVSS7.3AI score0.00626EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder