
608 matches found

CNNVD
added 2023/02/27 12:0 a.m. · 4 views

Doctors Appointment System SQL injection vulnerability

Doctors Appointment System is a doctor appointment system from SourceCodester. An injection vulnerability exists in Doctors Appointment System version 1.0, which stems from unknown processing in the file /admin/edit-doc.php, resulting in an SQL injection via the parameter oldmail...

CVSS 8.8 · AI score 6.9 · EPSS 0.00759
Exploits: 1 · References: 6

OSV
added 2022/11/30 3:15 a.m. · 3 views

CVE-2022-45328

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editmembers.php...

CVSS 7.2 · AI score 5.8 · EPSS 0.00726
Exploits: 1 · References: 1

CNNVD
added 2022/11/22 12:0 a.m. · 3 views

AeroCMS SQL injection vulnerability

AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the postcategoryid parameter of its adminincludeseditpost.php component allowing an attacker to implement SQL injection resulting in access to database information. No...

CVSS 4.9 · AI score 7.8 · EPSS 0.00745
Exploits: 1 · References: 3

Positive Technologies
added 2022/11/22 12:0 a.m. · 4 views

PT-2022-27568 · Aerocms · Aerocms

Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to access database information through a SQL Injection vulnerability. This vulnerability is exploited via the post category id parameter at the "adminincludesedit post.php" endpoin...

CVSS 4.9 · AI score 8 · EPSS 0.00745
Exploits: 1 · References: 6

OSV
added 2022/11/01 2:15 p.m. · 4 views

CVE-2022-43076

A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter...

CVSS 4.8 · AI score 5.9 · EPSS 0.00457
Exploits: 1 · References: 1

CNNVD
added 2022/11/01 12:0 a.m. · 4 views

Web-Based Student Clearance System cross-site scripting vulnerability

Web-Based Student Clearance System is a web-based student clearance system by the individual developer Ndueso Okorie. A cross-site scripting vulnerability exists in Web-Based Student Clearance System version v1.0, which originates from a cross-site scripting (XSS) vulnerability contained in...

CVSS 4.8 · AI score 5.3 · EPSS 0.00457
Exploits: 1 · References: 2

NVD
added 2022/10/28 8:15 a.m. · 15 views

CVE-2022-3733

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin/edit-admin.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploi...

CVSS 8.8 · EPSS 0.00533
Exploits: 1 · References: 2

CNNVD
added 2022/10/28 12:0 a.m. · 2 views

seccome Ehoney security vulnerability

seccome Ehoney is a secure, fast, highly interactive, enterprise-class honeypot management system from China seccome open source. A security vulnerability exists in seccome Ehoney, which stems from the manipulation of the parameter id in an unknown part of its file Admin/edit-admin.php leading to...

CVSS 8.8 · AI score 8 · EPSS 0.00533
Exploits: 1 · References: 3

BDU FSTEC
added 2022/10/13 12:0 a.m. · 5 views

The vulnerability of the admin_edit.php implementation in the online book store allows a hacker to execute arbitrary code.

The vulnerability of the adminedit.php script used by the Online Book Store involves a lack of protection for the SQL query structure when processing the bookisbn parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10 · AI score 8.3 · EPSS 0.01944
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2022/09/15 2:15 a.m. · 1 view

CVE-2022-38595

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2022/09/15 2:15 a.m. · 2 views

CVE-2022-38594

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editvisitor.php...

CVSS 7.2 · AI score 5.8 · EPSS 0.00734
Exploits: 1 · References: 1

ATTACKERKB
added 2022/09/15 2:15 a.m. · 3 views

CVE-2022-38595

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...

CVSS 7.2 · AI score 5.8 · EPSS 0.00734
Exploits: 1 · References: 2

Positive Technologies
added 2022/09/15 12:0 a.m. · 3 views

PT-2022-24473 · Unknown · Church Management System

Name of the Vulnerable Software and Affected Versions: Church Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/edit user.php" API endpoint. Recommendations: For Church Manageme...

CVSS 7.2 · AI score 7.1 · EPSS 0.00734
Exploits: 1 · References: 3

ATTACKERKB
added 2022/09/12 9:15 p.m. · 4 views

CVE-2022-38605

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editevent.php...

CVSS 7.2 · AI score 5.8 · EPSS 0.0083
Exploits: 1 · References: 2

CNNVD
added 2022/08/11 12:0 a.m. · 15 views

Simple Online Book Store System cross-site scripting vulnerability

Simple Online Book Store System is a simple online bookstore system by Carlo Montero, an individual developer. Simple Online Book Store System suffers from a cross-site scripting vulnerability, which stems from an unknown function in its /admin/edit.php component that operates on the parameter ei...

CVSS 6.1 · AI score 5.8 · EPSS 0.00384
Exploits: 0 · References: 2

OSV
added 2022/06/27 7:15 a.m. · 1 view

CVE-2022-2213

A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/editadmindetails.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The...

CVSS 5.4 · AI score 3.8 · EPSS 0.00533
Exploits: 0 · References: 2

OSV
added 2022/06/16 7:15 p.m. · 5 views

CVE-2020-35597

Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...

CVSS 8.8 · AI score 5.8 · EPSS 0.01409
Exploits: 1 · References: 3

ATTACKERKB
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-30810

elitecms v1.01 is vulnerable to SQL Injection via admin/editpost.php...

CVSS 9.8 · AI score 5.9 · EPSS 0.01081
Exploits: 1 · References: 2

OSV
added 2022/06/02 2:15 p.m. · 4 views

CVE-2022-30810

elitecms v1.01 is vulnerable to SQL Injection via admin/editpost.php...

CVSS 9.8 · AI score 5.8 · EPSS 0.01081
Exploits: 1 · References: 1

OSV
added 2022/06/02 2:15 p.m. · 5 views

CVE-2022-30815

elitecms 1.01 is vulnerable to SQL Injection via admin/editsidebar.php?page=2&sidebar=...

CVSS 9.8 · AI score 7.4 · EPSS 0.01081
Exploits: 1 · References: 1