1593 matches found
Sql injection
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php...
CVE-2022-27413
CVE-2022-27413 affects Hospital Management System v1.0, with a SQL injection vulnerability in admin.php via the adminname parameter. Multiple sources (NVD, CNVD, Red Hat advisory entries and others) corroborate the flaw exists in the same component. CVSS metrics from NVD indicate high to critical...
Hospital Management System SQL注入漏洞
Hospital Management System is a hospital management system. A SQL injection vulnerability exists in Hospital Management System v1.0, which includes modules for patient information management, appointment services, and financial management. The vulnerability is related to the lack of validation of...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via /admin.php/Plugins/update.html...
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via /admin.php/Plugins/update.html...
CVE-2022-27429
CVE-2022-27429 affects Jizhicms v1.9.5 with a Server-Side Request Forgery (SSRF) via /admin.php/Plugins/update.html. Root cause is an SSRF in the update handler; CVSS metrics indicate high severity (CVSS‑2.0 7.5 HIGH; CVSS‑3.1 9.8 CRITICAL). The provided connected documents do not include any rem...
Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35533)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability, which originates from /admin.php?id=siteoptions&social=edit&sid=insid parameter missing validation of external input...
Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35535)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=posts...
Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35532)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates from the lack of validation of external input SQL statements in the setid parameter in...
Sql injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2...
Sql injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
Sql injection
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2...
CVE-2022-28432
The CVE-2022-28432 entry concerns Baby Care System v1.0 with a SQL injection vulnerability exploitable via /admin.php?id=siteoptions&social=display&value=0&sid=2. Public sources describe that the vulnerability arises from missing validation of external input in the SQL statement, enabling potenti...
CVE-2022-1187 WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting
The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the /inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21...
CVE-2022-27475
Cross site scripting XSS vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded...
CVE-2022-27475
Cross site scripting XSS vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded...
Cross site scripting
Cross site scripting XSS vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded...
CVE-2022-27475
Cross site scripting XSS vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded...
CVE-2022-27475
CVE-2022-27475 is an XSS vulnerability in tramyardg hotel-mgmt-system (version 1.0) due to lack of proper data validation/escaping in /admin.php. Exploitation would allow execution of arbitrary JavaScript in the victim’s browser; impact details are described in the linked records as client-side s...