Lucene search
K

76 matches found

CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

PayPal,Credit Card and Debit Card Payment SQL注入漏洞

PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe individual developer. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...

9.8CVSS7.5AI score0.0041EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/26 12:0 a.m.5 views

PT-2024-35790 · Unknown · Phpgurukul Zoo Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 2.1 Description: A critical issue affects the processing of the file /admin/normal-bwdates-reports-details.php, where the manipulation of the fromdate argument leads to SQL injection. The attack can be...

7.2CVSS7.3AI score0.00396EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.4 views

Online Marriage Registration System 跨站脚本漏洞

Online Marriage Registration System is a website builder that supports online marriage registration. A cross-site scripting vulnerability exists in Online Marriage Registration System version 1.0, which originates from a cross-site scripting XSS vulnerability in the parameter fromdate in file...

5.4CVSS4.4AI score0.00513EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.6 views

PT-2024-22386 · Unknown · Open Source Medicine Ordering System

Name of the Vulnerable Software and Affected Versions: Open Source Medicine Ordering System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the date parameter at the "/admin/reports/index.php" API endpoint. Recommendations: F...

9.8CVSS7.4AI score0.00519EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/03/19 12:0 a.m.21 views

CVE-2024-28303

Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php...

8.1AI score0.00519EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.4 views

Online Medicine Ordering System SQL Injection Vulnerability

Online Medicine Ordering System is an online medicine ordering system by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Medicine Ordering System v1.0, which is caused by a SQL injection vulnerability in the date parameter of /admin/reports/index.php...

9.8CVSS8AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.4 views

PT-2023-4935 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability that allows an authenticated user to...

9.8CVSS5.8AI score0.99826EPSS
Exploits136References216
ATTACKERKB
ATTACKERKB
added 2023/05/18 1:15 a.m.3 views

CVE-2023-29985

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.phpdatefrom has a SQL Injection vulnerability...

9.8CVSS7.3AI score0.00877EPSS
Exploits1References2
NVD
NVD
added 2023/05/18 1:15 a.m.19 views

CVE-2023-29985

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.phpdatefrom has a SQL Injection vulnerability...

9.8CVSS9.9AI score0.00877EPSS
Exploits1References1
OSV
OSV
added 2023/04/10 12:15 p.m.4 views

CVE-2023-26774

An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint...

7.5CVSS5.8AI score0.01431EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.5 views

Sales Tracker Management System 安全漏洞

Sales Tracker Management System is a sales tracking management system by Carlo Montero Personal Developer. A security vulnerability exists in Sales Tracker Management System version v.1.0. An attacker can exploit this vulnerability to access sensitive information via the sales.php component of th...

7.5CVSS7.3AI score0.01431EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.4 views

PT-2023-20789 · Unknown · Sales Tracker Management System

Name of the Vulnerable Software and Affected Versions: Sales Tracker Management System version 1.0 Description: An issue in the Sales Tracker Management System allows a remote attacker to access sensitive information via the "admin/reports" endpoint, specifically through the sales.php component...

7.5CVSS6.7AI score0.01431EPSS
Exploits1References7
OSV
OSV
added 2023/03/22 2:15 p.m.2 views

CVE-2023-1568

A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument dateto leads to cross site...

5.4CVSS3.8AI score0.00646EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.4 views

Student Study Center Desk Management System 跨站脚本漏洞

Student Study Center Desk Management System is a student study center desk management system. A cross-site scripting vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which stems from a problem in the file /admin/reports/index.php, where manipulation ...

5.4CVSS4AI score0.00646EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.4 views

Student Study Center Desk Management System SQL注入漏洞

Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which originates from a security issue in the admin/?page=reports&datefrom=2023-02-17& of t...

9.8CVSS7AI score0.00541EPSS
Exploits0References3
Huntr
Huntr
added 2022/09/15 2:24 p.m.12 views

Formula injection via Full Name

🔒️ Requirements Privilege: user. 📝 Description It is possible for a user to change his name by whatever he wants from /profile/settings. In addition, an administrator can get reports about users from Reports Agents. So, a user could change his full name by a formula and abuse formula injection...

6.6AI score
Exploits0
OSV
OSV
added 2022/08/29 2:15 p.m.3 views

CVE-2022-36688

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=...

8.8CVSS5.8AI score0.00866EPSS
Exploits1References1
OSV
OSV
added 2022/08/29 2:15 p.m.3 views

CVE-2022-36689

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=...

8.8CVSS5.8AI score0.00866EPSS
Exploits1References1
OSV
OSV
added 2022/08/29 2:15 p.m.5 views

CVE-2022-36686

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=...

8.8CVSS5.8AI score0.00866EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/29 2:15 p.m.4 views

CVE-2022-36686

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=...

8.8CVSS7.4AI score0.00866EPSS
Exploits1References2
Rows per page
Query Builder