CVE-2024-40456
ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...
CVE-2024-1264
A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be...
PT-2024-17676 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02
Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...
PT-2024-17680 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02
Description: A critical issue was found in the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic url leads to...
PT-2024-15601 · Unknown · Fighting Cock Information System
Name of the Vulnerable Software and Affected Versions: Fighting Cock Information System version 1.0
Description: A critical issue has been found in the processing of the file admin/action/update mother.php, where the manipulation of the age mother argument leads to SQL injection. The attack can b...
CVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...