Lucene search
K

110 matches found

CNNVD
CNNVD
added 2025/07/27 12:0 a.m.7 views

Code-Projects Exam Form Submission 注入漏洞

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. An injection vulnerability exists in Code-Projects Exam Form Submission version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter email in the file /admin/...

9.8CVSS7.8AI score0.00498EPSS
Exploits1References6
CNVD
CNVD
added 2025/06/06 12:0 a.m.1 views

News Portal /forgot-password.php File SQL Injection Vulnerability

News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /admin/forgot-password.php. An attacker can exploit this vulnerability to execute illegal SQL...

9.8CVSS8.3AI score0.00394EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/22 12:0 a.m.2 views

News Portal Project /contactus.php File SQL Injection Vulnerability

News Portal Project is a news portal project. News Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pagetitle in the file /admin/contactus.php. An attacker can exploit this vulnerability to...

9.8CVSS8.3AI score0.00472EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/19 12:0 a.m.3 views

Lecms 代码注入漏洞

Lecms is a ten million large data bearing web content management system developed by Lecms Inc. in PHP language. A code injection vulnerability exists in Lecms 3.0.3 and earlier versions, which stems from a cross-site scripting issue with the Edit Profile component in files/admin...

4.8CVSS4.3AI score0.00295EPSS
Exploits0References4
OSV
OSV
added 2024/06/25 11:58 a.m.47 views

BIT-OPENCART-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

4.7CVSS4.8AI score0.00366EPSS
Exploits1References3
OSV
OSV
added 2024/06/22 6:30 a.m.19 views

GHSA-PQHQ-77PW-763C Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...

4.2CVSS4.8AI score0.00366EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/06/22 6:30 a.m.26 views

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompte...

4.7CVSS4.8AI score0.00366EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/06/22 5:0 a.m.16 views

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

2.1CVSS6.3AI score0.00366EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.7 views

PT-2024-18929 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 4.0.0.0 through 4.1.0.0 Description: A reflected XSS issue was identified in the directory parameter of the admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click ...

4.7CVSS6.2AI score0.00366EPSS
Exploits1References11
Snyk
Snyk
added 2024/06/17 2:38 p.m.4 views

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the...

4.7CVSS5.9AI score0.00366EPSS
Exploits1References2
Snyk
Snyk
added 2024/06/17 2:2 p.m.6 views

Reflected Cross-site Scripting

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Reflected Cross-site Scripting. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to clic...

4.7CVSS4.8AI score0.00366EPSS
Exploits1References2
OSV
OSV
added 2024/05/17 1:15 p.m.3 views

CVE-2024-5045

A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit...

7.5CVSS4.8AI score0.00525EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.7 views

PT-2024-18427 · Ctcms · Ctcms

Name of the Vulnerable Software and Affected Versions: Ctcms version 2.1.2 Description: A critical issue has been identified, affecting the file ctcms/apps/controllers/admin/Upsys.php, which leads to unrestricted upload. The attack can be initiated remotely, with a rather high complexity, making...

8.1CVSS5.3AI score0.00597EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.4 views

SourceCodester Complete File Management System SQL Injection Vulnerability

Complete File Management System is a file management system by nelzkie15 Personal Developer. A SQL injection vulnerability exists in SourceCodester Complete File Management System version 1.0, which originates from a SQL injection vulnerability in the file /admin/ of the component admin Login For...

9.8CVSS8AI score0.00881EPSS
Exploits1References2
OSV
OSV
added 2023/12/28 2:15 p.m.4 views

CVE-2023-7126

A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may...

8.8CVSS5.6AI score0.00701EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.9 views

PT-2023-32899 · Unknown · Code-Projects Client Details System

Name of the Vulnerable Software and Affected Versions: code-projects Client Details System version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, affecting an unknown part of the file /admin. The manipulation of the username argument leads to SQL injection...

8.8CVSS8.1AI score0.00701EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/12/28 12:0 a.m.16 views

CVE-2023-50692

File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the downloadurl parameter in the app/admin/exts/ directory...

9AI score0.00938EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.5 views

SUSE CVE-2017-12419

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide, and the MySQL client has a localinfile setting enabled in php.ini...

4.9CVSS5.2AI score0.01339EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/21 8:15 p.m.2 views

CVE-2022-28010

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtimedelete.php...

8.8CVSS7.2AI score0.01095EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/10/22 12:0 a.m.4 views

The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain access to view and copy files from the admin directory.

The vulnerability of the Synergia operating system is related to errors in access control policies set by SELinux. Exploiting this vulnerability could allow an attacker to gain read access to files located in the directory belonging to highly privileged users...

5.1CVSS5.5AI score
Exploits0
Rows per page
Query Builder