76 matches found
Ingredients Stock Management System SQL注入漏洞
Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the month parameter of...
CVE-2022-3015
A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2022-3012
A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The...
Hindu Matrimonial Script 安全漏洞
PHP Matrimonial Script Hindu Matrimonial Script is an online matrimonial service website from PHP Matrimonial Script India. A security vulnerability exists in Hindu Matrimonial Script that stems from improperly managed permissions in /admin/reports.php...
CVE-2022-31974
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=...
Rescue Dispatch Management System SQL注入漏洞
Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system v1.0 is vulnerable to SQL injection, which originates from /rdms/admin/ The vulnerability originates from...
CVE-2022-30886
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/dailycollectionreport.php...
Glacies IceHRM SQL Injection Vulnerability
Glacies IceHRM is a human resource management system from the Glacies team in Germany. The system includes features such as expense management, recruitment management, payroll management and leave management. A SQL injection vulnerability exists in the Admin Reports feature in Glacies IceHRM...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Sql injection
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2020-6114
The CVE-2020-6114 issue affects Glacies IceHRM v26.6.0.OS Admin Reports. TALOS details show an exploitable SQL injection caused by improper handling of the ob parameter used to build the ORDER BY clause in data retrieval paths (core/data.php → BaseService->getData, then Find). The vulnerabilit...
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
Glacies IceHRM Admin Reports SQL injection Vulnerability
Summary An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...
CVE-2011-4958
Cross-site scripting XSS vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to 1 admin/reports/, 2...
Cross site scripting
Cross-site scripting XSS vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to 1 admin/reports/, 2...
Unidesk Management Administrative Bypass
------------------------------------------------------------------ 1. Summary: Unidesk management appliance is prone to a forceful browsing vulnerability that allows an attacker access to administrator resources. ------------------------------------------------------------------ 2. Description: T...