CVE-2022-32020
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...
CVE-2022-32021
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/managemovement.php?id=...
CVE-2022-32028
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manageuser.php?id=...
CVE-2022-31351
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manageprice.php?id=...
Complete Online Job Search System SQL injection vulnerability
Complete Online Job Search System is an online job search system. A SQL injection vulnerability exists in Complete Online Job Search System, stemming from /eris/admin/user/index.php?view=edit&id= failing to validate the external input used in a SQL statement. An attacker could use this...
Online Fire Reporting System SQL injection vulnerability
Online Fire Reporting System is an online fire reporting system from the individual developer Carlo Montero. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, stemming from /ofrs/admin/?page=requests/viewrequest&id= failing to validate the external input used in a SQL statement...
CVE-2022-31000
The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...
Solidus cross-site request forgery vulnerability
Solidus is an open source e-commerce system. solidus_backend is the administrative interface of the Solidus e-commerce framework. solidus_backend is vulnerable to cross-site request forgery, which an attacker who knows an order number can exploit to change the state of that order's adjustments,...
CVE-2022-29676
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php...
Plone Code Injection vulnerability
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...
GHSA-7HXC-MWX7-5HMC Plone Code Injection vulnerability
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...
GHSA-V6GF-X8FP-532V Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...
GHSA-RW75-M7GP-92M3 Django data leakage via querystring manipulation in admin
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...
CVE-2022-30414
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/viewapplication&id=...
CVE-2022-30371
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargotypes/viewcargotype.php?id=...
CVE-2022-29748
Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manageclient&id=...
Logo Slider <= 1.4.8 - Admin+ SQLi
The plugin does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection https://example.com/wp-admin/admin.php?page=manageimages&lspsliderid=1+AND+SELECT+7741+FROM+SELECTSLEEP5hlAf...
CVE-2020-19212
SQL Injection vulnerability in admin/grouplist.php in piwigo v2.9.5, via the group parameter to delete...