75 matches found
CVE-2024-42786
A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...
CVE-2024-42786
A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...
CVE-2024-42786
A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...
PT-2024-30158 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/view user.php" endpoint allows an attacker to execute arbitrary SQL commands via the id parameter of the View User Profile Page. This could...
Kashipara Music Management System 安全漏洞
Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/viewuser.php against external SQL input, and can be exploited...
CVE-2024-42786
Affected software/version: Kashipara Music Management System v1.0. Component/endpoint: /music/view_user.php (View User Profile Page) vulnerable via the id parameter. Root cause: lack of validation/external SQL input leading to SQL injection. Impact: attacker can execute arbitrary SQL commands, po...
CVE-2024-27017
CVE-2024-27017 affects the Linux kernel netfilter nft_set_pipapo backend. The issue arises when a generation mask is updated during an in-progress netlink dump, causing the read/update walk iterator to potentially infer the wrong view of the data structure. The advisory notes this vulnerability i...
CVE-2024-30982
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...
CVE-2024-30982
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...
CVE-2024-30982
CVE-2024-30982 describes a SQL injection in the phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0, exploitable via the upid parameter in /view-user-detail.php to run arbitrary SQL. Reported impact includes potential data exposure/modification. Mitigation from PT-2024-23704 suggests di...
PT-2024-23704 · Unknown · Phpgurukul Cyber Cafe Management System
Name of the Vulnerable Software and Affected Versions: phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the upid parameter in the "/view-user-detail.php" file. This enables attackers to potentially...
WisdomGarden Tronclass ilearn Security Breach
WisdomGarden Tronclass ilearn is a teaching platform from WisdomGarden. A security vulnerability exists in WisdomGarden Tronclass ilearn. The vulnerability stems from the uploading of files without proper privilege control, which allows a remote attacker to log in with general privileges, change...
CVE-2023-40137
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
Sql injection
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
Exploit for SQL Injection in Escanav Escan_Management_Console
eScan Management Console 14.0.1400.2281 - SQL Injection Auth...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...
PT-2023-23422 · Microworld · Microworld Escan Management Console
Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Management Console version 14.0.1400.2281 Description: The issue allows a remote attacker to perform SQL injection in the View User Profile feature, enabling them to dump the entire database and gain a Windows XP command shel...
Rockwell Automation ArmorStart ST 跨站脚本漏洞
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view user data and modify the web...
CVE-2022-35293
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...