CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters...

8.4AI score0.0052EPSS

Exploits1References2

CVE•added 2024/12/16 12:0 a.m.•51 views

CVE-2024-55104

CVE-2024-55104 affects Online Nurse Hiring System v1.0. The vulnerability is a set of SQL injection flaws in the /admin/add-nurse.php component, exploitable via the gender and emailid parameters. The CVSSv3.1 metrics indicate a High severity (7.2) with network attack vector, low attack complexity...

7.2CVSS8.5AI score0.0052EPSS

Exploits1References2Affected Software1

NVD•added 2024/10/25 4:15 p.m.•18 views

CVE-2024-48581

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the adminclass.php component...

9.8CVSS0.01057EPSS

Exploits1References1

Vulnrichment•added 2024/10/22 12:0 a.m.•11 views

CVE-2024-44812

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component...

8.5AI score0.01162EPSS

Exploits0References1

Cvelist•added 2024/10/22 12:0 a.m.•16 views

CVE-2024-44812

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component...

0.01162EPSS

Exploits0References1

OSV•added 2024/09/04 3:15 p.m.•5 views

CVE-2024-44819

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component...

6.1CVSS5.8AI score0.00376EPSS

Exploits1References1

Vulnrichment•added 2024/09/04 12:0 a.m.•13 views

CVE-2024-44819

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component...

6.2AI score0.00376EPSS

Exploits1References1

Positive Technologies•added 2024/07/05 12:0 a.m.•2 views

PT-2024-28332 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /admin/vpsApiData deal.php. The mudi parameter is involved, specifically when set to del. This allows for unauthorized actions to be...

5.4CVSS7AI score0.00185EPSS

Exploits1References7

Positive Technologies•added 2024/06/27 12:0 a.m.•2 views

PT-2024-28367 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the /admin/ipRecord deal.php component when the mudi parameter is set to add. This allows for unauthorized actions to be performed. Recommendations:...

6.8CVSS6.7AI score0.00205EPSS

Exploits1References4

NVD•added 2024/06/17 2:15 p.m.•11 views

CVE-2024-37848

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admindelete.php component...

8.4CVSS0.00238EPSS

Exploits1References1

NVD•added 2024/06/05 7:15 p.m.•25 views

CVE-2024-36670

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component admin/vpsClassdeal.php?mudi=del...

8.8CVSS7.1AI score0.00289EPSS

Exploits1References1

BDU FSTEC•added 2024/05/31 12:0 a.m.•1 views

The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software allows a hacker to execute arbitrary commands.

The vulnerability of the members/moremember.pl and admin/aqbudgets.pl components of the Koha library process automation software is related to the absence of a mechanism to neutralize these elements in the CSV file. Exploiting this vulnerability allows a remote attacker to execute arbitrary DDE...

3.5CVSS6AI score0.00811EPSS

Exploits1References2Affected Software1

OSV•added 2024/05/22 2:15 p.m.•2 views

CVE-2024-35553

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/infoMovedeal.php?mudi=add&nohrefStr=close...

8.3CVSS5.8AI score0.00225EPSS

Exploits1References1

OSV•added 2024/05/22 2:15 p.m.•1 views

CVE-2024-35557

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via the component /admin/vpsApideal.php?mudi=rev&nohrefStr=close...

5.5CVSS5.8AI score0.00182EPSS

Exploits1References1