CVE-2022-50940 Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

CVE-2022-50940

CVE-2022-50940 affects Knap Advanced PHP Login 3.1.3 with a persistent cross-site scripting vulnerability exploitable via the name parameter. Attackers could potentially inject script code into user-facing flows and activity logs, with possible session hijacking and persistent phishing as describ...

CVE-2024-12926

A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The...

ATutor LMS - install_modules.php Cross-Site Request Forgery Remote Code Execution

ATutor LMS - installmodules.php Cross-Site Request Forgery Remote Code Execution / exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/20...