66 matches found
PT-2024-37890 · Sourcecodester · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Inventory Management System version 1.0. Description: A critical issue was found in the Order Handler component of the affected software, specifically in an unknown function of the file action.php. The manipulation of the...
CVE-2024-2351 CodeAstro Ecommerce Site Search action.php SQL injection
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument catid/brandid/keyword leads to SQL injection. The attack can be launched...
SQL injection
Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginaction.php resource does not validate the characters received and they are sent unfiltered to the database...
SQL injection
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has be...
Medical Certificate Generator App SQL injection vulnerability
Medical Certificate Generator App is a simple web application for medical clinics. A SQL injection vulnerability exists in SourceCodester Medical Certificate Generator App version 1.0, which stems from a problem in the file action.php, where manipulation of the parameter id can lead to SQL...
SQL injection
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to SQL injection. The attack can be initiated remotely. The exploit ha...
CVE-2023-0774 SourceCodester Medical Certificate Generator App action.php SQL injection
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to SQL injection. The attack can be initiated remotely. The exploit ha...
PT-2023-8556 · Sourcecodester · Sourcecodester Medical Certificate Generator App
Name of the Vulnerable Software and Affected Versions: SourceCodester Medical Certificate Generator App version 1.0. Description: The issue is related to a lack of protection against SQL query structure exploitation in the action.php script of the Medical Certificate Generator App. This allows a...
CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection Vulnerability
PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability. CVE-2021-41648. SQL Injection in online-shopping-system: The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection...
Company's Recruitment Management System 1.0. - (title) Stored XSS Vulnerability
Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS; Exploit Author: Aniket Deshmane; Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html; Software Link:...
CVE-2021-41648
An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input...
PuneethReddyHc Online Shopping System Advanced SQL injection vulnerability
PuneethReddyHc Online Shopping System Advanced is an open source online shopping system from the individual developers at Puneeth Reddy HC in India. A SQL injection vulnerability exists in PuneethReddyHc Online Shopping System Advanced, which originates in the /action.php prId parameter...
WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection Vulnerability
Title: SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection; Researcher: Eagle Eye; Exploit Name: SSF & SIM SQL Injection; Request type: POST; Plugin Author: Joe lz; Plugin Website: https://superstorefinder.net/; Version Affected: All versions including latest 6.3; Tested on:...
ciro-shop.de XSS vulnerability
Open Bug Bounty ID: OBB-449626; Affected Website: ciro-shop.de; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Remediation Guide: OWASP XSS Prevention Cheat Shee...
lifetambov.ru XSS vulnerability
Vulnerable URL: http://lifetambov.ru/assets/components/tickets/action.php; Patched: No; Latest check for patch: 28.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 304631; VIP website status: No; Check lifetambov.ru SSL...
WordPress Mailpress action.php remote code execution vulnerability
Details source: Heavenly lab. Description: Mailpress is one of the more popular mail plugins. Plugin Directory: https://wordpress.org/plugins/mailpress/ Official website: http://blog.mailpress.org Information about this vulnerability was communicated to WordPress on 2016-06-21. 0x01...
PHP-Coolfile 1.4 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9018/info PHP-Coolfile allows unauthorized administrative access due to an error in the way access is evaluated in the action.php file. This could allow a remote user to obtain the administrative username and password for...
Nucleus 3.61 - Multiple Remote File Include
No description provided by source. Nucleus v3.61: Multiple Remote File Include. By n0n0x. Homepage: http://priasantai.uni.cc/ Download script: http://sourceforge.net/projects/nucleuscms/ nucleus3.61/action.php?DIRLIBS=y0ur g4y sh3ll 13. / 14...
DynaTracker 1.5.1 action.php base_path Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/23667/info DynaTracker is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...