Lucene search
K

90 matches found

Vulnrichment
Vulnrichment
added 2024/06/10 2:30 p.m.23 views

CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...

8.7CVSS7.8AI score0.00926EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/07 12:0 a.m.7 views

Kashipara Food Management System SQL注入漏洞

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the itemname parameter of the billAjax.php file against external SQL input, and can be...

6.5CVSS8.2AI score0.00526EPSS
Exploits1References4
OSV
OSV
added 2023/12/21 4:15 p.m.6 views

CVE-2023-51048

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...

9.8CVSS5.8AI score0.00534EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/21 4:15 p.m.3 views

CVE-2023-51049

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...

9.8CVSS5.9AI score0.00534EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.6 views

PT-2023-31748 · S Cms · S-Cms

Name of the Vulnerable Software and Affected Versions: S-CMS version 5.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the A newsauth parameter at the "/admin/ajax.php" API endpoint. Recommendations: For S-CMS version 5.0, consider restricting access ...

9.8CVSS9.5AI score0.00534EPSS
Exploits0References6
OSV
OSV
added 2023/12/07 7:15 a.m.4 views

CVE-2023-48823

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...

9.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/11/28 12:0 a.m.6 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version v1.11.24 and prior...

8.8CVSS7AI score0.02433EPSS
Exploits6References5
CNNVD
CNNVD
added 2023/11/28 12:0 a.m.8 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version v1.11.24 and prior...

8.8CVSS7AI score0.02433EPSS
Exploits6References5
ATTACKERKB
ATTACKERKB
added 2023/08/04 12:15 a.m.4 views

CVE-2023-33665

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

9.8CVSS7.4AI score0.00519EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/03 8:15 p.m.3 views

CVE-2023-33666

ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

9.8CVSS7.4AI score0.00519EPSS
Exploits0References3
OSV
OSV
added 2023/07/18 7:15 p.m.4 views

CVE-2023-30153

An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...

9.8CVSS6.1AI score0.00783EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.6 views

Faculty Evaluation System 代码问题漏洞

Faculty Evaluation System is a faculty evaluation system by the individual developer Carlo Montero. A security vulnerability exists in version 1.0 of the Sourcecodester Faculty Evaluation System, which originates from an arbitrary code execution vulnerability in ip/eval/ajax.php...

7.2CVSS7.8AI score0.01112EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.5 views

PT-2022-26538 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0 Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the...

6.1CVSS6AI score0.01071EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/09/07 10:15 p.m.6 views

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

6.1CVSS5.6AI score0.01781EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.7 views

Nagios XI 跨站脚本漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to v5.8.7, which stems from the discovery of a...

6.1CVSS5.9AI score0.01781EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.7 views

Indexhibit 跨站脚本漏洞

Indexhibit is a web-based content management system. A reflection-based cross-site scripting vulnerability exists in the /plugin/ajax.php component of Indexhibit version 2.1.5. An attacker could use this vulnerability to execute arbitrary web script or HTML...

6.1CVSS5.6AI score0.00574EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/27 12:0 a.m.7 views

DzzOffice 跨站脚本漏洞

Dzzoffice is a set of open source office suite for enterprises, teams to build their own similar to the "Google Apps Suite", "Microsoft Office365" enterprise collaboration platform. A cross-site scripting vulnerability exists in attach/ajax.php in DzzOffice 2.02.1 and earlier versions. The...

6.1CVSS6.2AI score0.02848EPSS
Exploits4References6
CNVD
CNVD
added 2020/08/05 12:0 a.m.3 views

CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44594)

CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxphppecl.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. An...

10CVSS8.1AI score0.08411EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.5 views

PT-2020-14537 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax php pecl.php...

10CVSS9.7AI score0.08083EPSS
Exploits0References2
OSV
OSV
added 2019/09/16 12:15 p.m.4 views

CVE-2017-18634

The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...

9.8CVSS5.8AI score0.02173EPSS
Exploits1References1
Rows per page
Query Builder