📄 Control Web Panel 0.9.8.1208 Remote Code Execution

Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be...

CodeAstro Real Estate Management System SQL注入漏洞

CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which is caused by incorrect manipulation of the parameter User in the file /admin/index.php...

Simple Online Bidding System SQL注入漏洞

Simple Online Bidding System is an online bidding system by oretnom23 individual developer. SourceCodester Simple Online Bidding System version 1.0 suffers from a SQL injection vulnerability that originates from /simple-online-bidding-system/admin/index.php contains unknown processing, which lead...