CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVE-2022-32019

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=savecar...

CVE-2022-32020

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...

CVE-2022-32021

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/managemovement.php?id=...

CVE-2022-32028

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manageuser.php?id=...

CVE-2022-31351

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manageprice.php?id=...

Complete Online Job Search System SQL注入漏洞

Complete Online Job Search System is an online job search system. SQL injection vulnerability exists in Complete Online Job Search System, which originates from /eris/admin/user/index.php?view=edit&id=page missing validation of external input SQL statement validation. An attacker could use this...

Online Fire Reporting System SQL注入漏洞

Online Fire Reporting System is an online fire reporting system from Carlo Montero's personal developer. version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=requests/ viewrequest&id=Lack of validation of external input SQL statement...

CVE-2022-31000

The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...

Solidus 跨站请求伪造漏洞

Solidus is an open source e-commerce system. solidusbackend is the administrative interface of the Solidus e-commerce framework. solidusbackend is vulnerable to cross-site request forgery, which can be exploited by attackers to change the status of order adjustments while holding an order number,...

CVE-2022-29676

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...

CVE-2021-37413

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...

CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...

GHSA-7HXC-MWX7-5HMC Plone Code Injection vulnerability

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

Plone Code Injection vulnerability

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

GHSA-V6GF-X8FP-532V Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

GHSA-RW75-M7GP-92M3 Django data leakage via querystring manipulation in admin

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

CVE-2022-30414

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/viewapplication&id=...

CVE-2022-30371

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargotypes/viewcargotype.php?id=...

CVE-2022-29748

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manageclient&id=...