1566 matches found
CVE-2024-3355
A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/modusers/controller.php?action=add. The manipulation of the argument name leads to sql...
Call Now Button < 1.4.7 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Navigate to All Buttons, and...
SourceCodester Aplaya Beach Resort Online Reservation System SQL Injection Vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system for Aplaya Beach Resort. A SQL injection vulnerability exists in version 1.0 of the SourceCodester Aplaya Beach Resort Online Reservation System due to an SQL injection in the name parameter of the...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamd_maps...
CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamd_maps...
CVE-2024-30270
The CVE-2024-30270 entry pertains to mailcow: dockerized prior to the 2024-04 release. A vulnerability combines path traversal and arbitrary code execution targeting the rspamd_maps() function, allowing an authenticated admin to overwrite any file writable by the www-data user due to improper pat...
CVE-2024-0672
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status
Description: The plugin does not sanitise and escape the post_status parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-29303
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection...
CVE-2023-50895
CVE-2023-50895 affects Janitza GridVis up to version 9.0.66; exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject load functionality allow remote authenticated administrative users to execute arbitrary Groovy code. Exploitation context and technical details are su...
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description: The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup. PoC: 1. Go to the plugin setting and in the "Restore" section...
PT-2024-22854 · Sourcecodester · Sourcecodester Php Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0 Description: The delete admin users function is vulnerable to SQL Injection. This issue allows for potential exploitation, but no specific details about the estimated number of affected...
CVE-2024-29303
CVE-2024-29303 affects SourceCodester PHP Task Management System 1.0. The delete admin users function is vulnerable to SQL Injection, with an attacker-controlled admin_id parameter (GET). Public references show a crafted exploit attempting SQL manipulation, indicating potential data disclosure/mo...
Anchor Security Vulnerability
Anchor is an open source lightweight blogging system. A security vulnerability exists in Anchor CMS version v0.12.7, which stems from a cross-site request forgery CSRF in /anchor/admin/users/delete/2...
CVE-2024-2754
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/usersphoto.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit h...
PT-2024-21941 · Sourcecodester · Sourcecodester Complete E-Commerce Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Complete E-Commerce Site version 1.0 Description: A critical vulnerability has been found in the SourceCodester Complete E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the...