403 matches found
CVE-2022-47926
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fstdel.inc.php...
AyaCMS Parameter Injection Vulnerability
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS version 3.1.2, which can be exploited to easily delete files via /aya/module/admin/fstdel.inc.php...
XXL-JOB Code Issue Vulnerability
XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xueli XXL-JOB community. A security vulnerability exists in versions prior to XXL-JOB v2.3.1, which stems from a vulnerability found via the component /admin/controller/JobLogController.java containing...
CVE-2022-43230
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/viewdetails...
Hospital Management System Cross-Site Scripting Vulnerability
The Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A cross-site scripting vulnerability exists in Hospital Management System version 4.0 that originates from a cross-site scripting...
Simple Cold Storage Management System SQL Injection Vulnerability
Sourcecodester Simple Cold Storage Management System is a web-based application used as a cold storage business website to provide their customers or prospects with an easily accessible platform to learn about their company. A SQL injection vulnerability exists in Simple Cold Storage Management...
CVE-2022-40352
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/updatetraveller.php...
CVE-2022-38594
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editvisitor.php...
Enable Media Replace < 4.0.0 - Admin+ Path Traversal
The plugin does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack, for example: when replacing the file, select "Replace the file, use new file name and update...
JFinal SQL Injection Vulnerability
JFinal is a Java-based WEB + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from a SQL injection vulnerability in /admin/foldernotice/list...
CVE-2022-36542
An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data...
Edoc-doctor-appointment-system Security Vulnerability
Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from an access control issue in the component /ip/admin/. An attacker can exploit the vulnerabilit...
CVE-2017-20114
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys leads to basic cross site scripting (Reflected). The attack can be initiated remotely...
CVE-2022-31941
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manageuser&id=...
CVE-2022-31914
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/publichtml/saveanimal?anid=24...
CVE-2017-20035
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to...
CVE-2022-32010
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
CVE-2022-30834
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/clientmanageaccountdetails.php?bookingid=31&userid=...
CVE-2019-12349
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dlsendsms.php via the id parameter...