Lucene search
122 matches found

CNNVD
added 2025/06/27 12:0 a.m. · 2 views

bicycleSharingServer Injection Vulnerability

bicycleSharingServer is a bicycle sharing JavaWEB backend for huija individual developers in China. An injection vulnerability exists in bicycleSharingServer, which stems from improper manipulation of the Title parameter in the searchAdminMessageShow function in the AdminController.java file, whi...

6.5 CVSS · 6.9 AI score · 0.00127 EPSS
Exploits 0 · References 4

CNNVD
added 2025/06/27 12:0 a.m. · 2 views

bicycleSharingServer Injection Vulnerability

bicycleSharingServer is a bicycle sharing JavaWEB backend for huija individual developers in China. An injection vulnerability exists in bicycleSharingServer version 1.0, which originates from a mishandling of the selectAdminByNameLike function in the AdminController.java file, which could lead t...

6.5 CVSS · 6.9 AI score · 0.00127 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 9:19 a.m. · 0 views

CVE-2024-36691

Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information...

6.3 CVSS · 5.9 AI score · 0.0006 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:42 a.m. · 5 views

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

6.1 CVSS · 6.1 AI score · 0.0024 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 3:5 a.m. · 3 views

CVE-2016-10755

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

8.8 CVSS · 8.2 AI score · 0.00222 EPSS
Exploits 0 · References 1

CVE
added 2025/04/09 12:0 a.m. · 47 views

CVE-2025-29391

CVE-2025-29391 – horvey Library-Manager v1.0 is affected by a SQL Injection in Admin/Controller/BookController.class.php. The vulnerability stems from improper handling of input in the BookController, enabling attacker-controlled SQL execution. The CVSS v3.1 base score is 7.2 (HIGH) with network ...

7.2 CVSS · 7.6 AI score · 0.00217 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2025/03/06 12:0 a.m. · 2 views

PublicCMS Code Issue Vulnerability

PublicCMS is an open source content management system CMS written in Java language by PublicCMS China. A security vulnerability exists in PublicCMS version v4.0.202406, which originates from the /cms/CmsWebFileAdminController.java component that allows the upload of specially crafted svg or xml...

9.8 CVSS · 6.9 AI score · 0.00119 EPSS
Exploits 1 · References 2

OSV
added 2025/01/09 12:15 a.m. · 1 views

CVE-2024-13197

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be...

5.4 CVSS · 6.4 AI score
Exploits 0 · References 5

CNNVD
added 2025/01/09 12:0 a.m. · 2 views

HouseRent Security Vulnerability

HouseRent is a house rental management system by Mr.W individual developer. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in HouseRent version 1.0, which stems from unknown functionality in the file src/main/java/com/house/wym/controller/AdminController.java tha...

8.8 CVSS · 6.5 AI score · 0.001 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/01/09 12:0 a.m. · 2 views

PT-2025-2067 · Unknown · Singmr Houserent

Name of the Vulnerable Software and Affected Versions: SingMR HouseRent version 1.0. Description: A critical issue has been found, affecting some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. This leads to improper access controls, and the attack ca...

6.5 CVSS · 6.6 AI score · 0.001 EPSS
Exploits 0 · References 9

Snyk
added 2024/11/08 5:43 p.m. · 2 views

Arbitrary File Upload

Overview: alexstack/laravel-cms is a Simple Bootstrap Laravel CMS. Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation: There is no fixed version for...

8.6 CVSS · 6.9 AI score · 0.02594 EPSS
Exploits 1 · References 2

CVE
added 2024/10/31 12:0 a.m. · 42 views

CVE-2024-50801

CVE-2024-50801 and CVE-2024-50802 describe SQL Injection in AbanteCart 1.4.0 via the update() function. For CVE-2024-50801, the vulnerability is in public_html/admin/controller/responses/listing_grid/collections.php (id parameter). For CVE-2024-50802, it is in public_html/admin/controller/respons...

6 CVSS · 8.2 AI score · 0.00079 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2024/09/11 9:15 p.m. · 1 views

CVE-2024-8694

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...

5.1 CVSS · 4.9 AI score
Exploits 0 · References 5

CNNVD
added 2024/09/05 12:0 a.m. · 1 views

PHPGurukul Job Portal SQL Injection Vulnerability

PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A SQL injection vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the CATEGORY parameter in /jobportal/admin/category/controller.php...

9.8 CVSS · 8 AI score · 0.00118 EPSS
Exploits 0 · References 2

OSV
added 2024/08/22 6:15 p.m. · 0 views

CVE-2024-42773

An Incorrect Access Control vulnerability was found in /admin/editroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section...

9.1 CVSS · 5.8 AI score
Exploits 0 · References 2

NVD
added 2024/08/22 6:15 p.m. · 9 views

CVE-2024-42767

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/addroomcontroller.php...

7.2 CVSS · 0.00126 EPSS
Exploits 1 · References 2

Cvelist
added 2024/08/22 12:0 a.m. · 9 views

CVE-2024-42767

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/addroomcontroller.php...

0.00126 EPSS
Exploits 1 · References 2

OSV
added 2024/04/06 10:15 a.m. · 0 views

CVE-2024-3365

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...

5.4 CVSS · 3.8 AI score
Exploits 0 · References 4

OSV
added 2024/03/20 6:15 a.m. · 2 views

CVE-2024-2676

A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...

6.5 CVSS · 5.7 AI score
Exploits 0 · References 3

OSV
added 2024/03/20 5:15 a.m. · 0 views

CVE-2024-2672

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The...

6.5 CVSS · 5.7 AI score
Exploits 0 · References 3