24 matches found
CVE-2022-32391
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...
CVE-2022-32392
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manageaction.php:4...
CVE-2021-44098
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expenseaction.php. This allows a remote attacker to compromise Application SQL database...
File inclusion vulnerability in cmseasy '/lib/plugins/filecheck/action.php' page
CmsEasy is a web content management system based on PHP+Mysql architecture. A file inclusion vulnerability exists in the cmseasy '/lib/plugins/filecheck/action.php' page. As the 'Logtype' parameter is not restricted in any way, it allows an attacker to exploit the vulnerability to obtain sensitiv...