90 matches found
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...
Kashipara Food Management System SQL注入漏洞
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the itemname parameter of the billAjax.php file against external SQL input, and can be...
CVE-2023-51048
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
PT-2023-31748 · S Cms · S-Cms
Name of the Vulnerable Software and Affected Versions: S-CMS version 5.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the A newsauth parameter at the "/admin/ajax.php" API endpoint. Recommendations: For S-CMS version 5.0, consider restricting access ...
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version v1.11.24 and prior...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version v1.11.24 and prior...
CVE-2023-33665
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2023-33666
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2023-30153
An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...
Faculty Evaluation System 代码问题漏洞
Faculty Evaluation System is a faculty evaluation system by the individual developer Carlo Montero. A security vulnerability exists in version 1.0 of the Sourcecodester Faculty Evaluation System, which originates from an arbitrary code execution vulnerability in ip/eval/ajax.php...
PT-2022-26538 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the...
CVE-2022-38254
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...
Nagios XI 跨站脚本漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to v5.8.7, which stems from the discovery of a...
Indexhibit 跨站脚本漏洞
Indexhibit is a web-based content management system. A reflection-based cross-site scripting vulnerability exists in the /plugin/ajax.php component of Indexhibit version 2.1.5. An attacker could use this vulnerability to execute arbitrary web script or HTML...
DzzOffice 跨站脚本漏洞
Dzzoffice is a set of open source office suite for enterprises, teams to build their own similar to the "Google Apps Suite", "Microsoft Office365" enterprise collaboration platform. A cross-site scripting vulnerability exists in attach/ajax.php in DzzOffice 2.02.1 and earlier versions. The...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44594)
CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxphppecl.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. An...
PT-2020-14537 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax php pecl.php...
CVE-2017-18634
The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...