6 matches found
CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...
CVE-2022-32019
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=savecar...
CVE-2023-50071
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=savedepartment via id or name...
Authentication flaw
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=saveuser of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to...
CVE-2022-28590
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...
Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
The plugin does not sanitise and escape the post_types parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated user, leading to a Reflected Cross-Site Scripting...