1339 matches found

Cvelist
added 2025/07/07 12:32 p.m., 10 views

CVE-2025-7128 Campcodes Payroll Management System ajax.php sql injection

A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculatepayroll. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploi...

CVSS 7.5, EPSS 0.00454
Exploits: 1, References: 5

CVE
added 2025/06/28 9:0 p.m., 25 views

CVE-2025-6826

The CVE-2025-6826 entry concerns code-projects Payroll Management System 1.0 where the vulnerability resides in /Payroll_Management_System/ajax.php?action=save_department. The root cause is an SQL injection caused by manipulation of the ID parameter, enabling remote exploitation. Public disclosur...

CVSS 9.8, AI score 7.5, EPSS 0.00399
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/06/21 10:31 p.m., 8 views

CVE-2025-6422 Campcodes Online Recruitment Management System About Content Page ajax.php unrestricted upload

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=savesettings of the component About Content Page. The manipulation of the argument img leads to...

CVSS 6.5, EPSS 0.00359
Exploits: 1, References: 5

CVE
added 2025/06/21 10:31 p.m., 23 views

CVE-2025-6422

CVE-2025-6422 affects Campcodes Online Recruitment Management System 1.0, where an unrestricted upload is possible via /admin/ajax.php?action=save_settings (About Content Page) by manipulating the img parameter. The vulnerability is exploitable remotely and, per sources, the exploit has been disc...

CVSS 8.8, AI score 6.5, EPSS 0.00359
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/06/04 12:14 a.m., 12 views

CVE-2025-45387

osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php...

CVSS 5.4, AI score 6.8, EPSS 0.00208
Exploits: 0, References: 1

NVD
added 2025/06/02 6:15 p.m., 13 views

CVE-2025-45387

osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php...

CVSS 5.4, EPSS 0.00208
Exploits: 0, References: 3

Cvelist
added 2025/06/02 12:0 a.m., 11 views

CVE-2025-45387

osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php...

EPSS 0.00208
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 10:2 a.m., 9 views

CVE-2024-29809

The imageurl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageurl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4, AI score 6.7, EPSS 0.00412
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 9:49 a.m., 5 views

CVE-2024-7359

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveestablishment. The manipulation of the argument name leads to cross site scripting. The...

CVSS 6.1, AI score 6.2, EPSS 0.00428
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 8:10 a.m., 6 views

CVE-2024-6417

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=deleteuser. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 7.5, AI score 7.8, EPSS 0.00453
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 4:59 a.m., 9 views

CVE-2023-51049

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...

CVSS 9.8, AI score 8.3, EPSS 0.00534
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:59 a.m., 8 views

CVE-2023-51050

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aproductauth parameter at /admin/ajax.php...

CVSS 9.8, AI score 8.3, EPSS 0.00534
Exploits: 0

RedhatCVE
added 2025/05/23 4:11 a.m., 6 views

CVE-2023-39676

FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback parameter at ajax.php...

CVSS 6.1, AI score 6.1, EPSS 0.01343
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:53 a.m., 5 views

CVE-2023-33664

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

CVSS 8.8, AI score 8.3, EPSS 0.00756
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:12 a.m., 3 views

CVE-2023-24646

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 9.8, AI score 7.9, EPSS 0.01071
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 2:2 a.m., 9 views

CVE-2023-33665

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...

CVSS 9.8, AI score 8.3, EPSS 0.00519
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:12 a.m., 8 views

CVE-2022-32019

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=savecar...

CVSS 9.8, AI score 7.4, EPSS 0.0241
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:24 a.m., 7 views

CVE-2022-46950

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletewindow...

CVSS 7.2, AI score 8.3, EPSS 0.00821
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:24 a.m., 8 views

CVE-2022-46954

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletetransaction...

CVSS 9.8, AI score 8.3, EPSS 0.00602
Exploits: 0

RedhatCVE
added 2025/05/22 11:11 p.m., 9 views

CVE-2022-32020

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...

CVSS 9.8, AI score 7.4, EPSS 0.01868
Exploits: 1, References: 1