
1339 matches found

Cvelist
added 2024/11/26 8:00 p.m. | 21 views

CVE-2024-11743 SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=deleteuser of the component POST Request Handler. The manipulation leads to cross-site request forgery. It...

CVSS 6.9 | EPSS 0.00331
Exploits: 1 | References: 5

Vulnrichment
added 2024/11/26 8:00 p.m. | 14 views

CVE-2024-11742 SourceCodester Best House Rental Management System ajax.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=savetenant. The manipulation of the argument lastname/firstname/middlename leads to cross...

CVSS 5.3 | AI score 6.5 | EPSS 0.00516
Exploits: 1 | References: 5

Cvelist
added 2024/11/10 9:31 a.m. | 17 views

CVE-2024-11054 SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. Th...

CVSS 6.5 | EPSS 0.00512
Exploits: 1 | References: 5

Vulnrichment
added 2024/10/24 10:00 p.m. | 10 views

CVE-2024-10349 SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function deletetenant of the file /ajax.php?action=deletetenant. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 6.5 | AI score 7.3 | EPSS 0.00556
Exploits: 1 | References: 5

Cvelist
added 2024/10/24 10:00 p.m. | 16 views

CVE-2024-10349 SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function deletetenant of the file /ajax.php?action=deletetenant. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 6.5 | EPSS 0.00556
Exploits: 1 | References: 5

CVE
added 2024/10/15 12:00 a.m. | 64 views

CVE-2024-35584

The OpenSIS Open Source Community Edition (versions 8.0–9.1, possibly earlier) contains a SQL injection flaw in Ajax.php, ForWindow.php, ForExport.php, Modules.php, and functions/HackingLogFnc.php. The root cause is direct concatenation of the HTTP_X_FORWARDED_FOR header value into SQL INSERT sta...

CVSS 8.8 | AI score 8 | EPSS 0.06524
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2024/09/20 4:00 p.m. | 26 views

CVE-2024-9039 SourceCodester Best House Rental Management System ajax.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection...

CVSS 7.5 | EPSS 0.00698
Exploits: 1 | References: 5

Cvelist
added 2024/09/20 2:31 p.m. | 23 views

CVE-2024-9033 SourceCodester Best House Rental Management System ajax.php cross site scripting

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=savecategory. The manipulation of the argument name leads to cross site scripting. The...

CVSS 5.3 | EPSS 0.00436
Exploits: 1 | References: 5

CVE
added 2024/09/16 12:00 a.m. | 38 views

CVE-2024-42794

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control in the /music/ajax.php?action=save_user endpoint. The root cause is an access-control flaw that may allow unauthorized actions via the save_user function, potentially enabling account-related manipulation. Public ref...

CVSS 4.7 | AI score 7.1 | EPSS 0.00333
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2024/09/08 1:31 a.m. | 21 views

CVE-2024-8567 itsourcecode Payroll Management System ajax.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletedeductions. The manipulation of the argument id leads to sql injection. The attack may be initiated...

CVSS 7.5 | EPSS 0.00701
Exploits: 1 | References: 5

Packet Storm
added 2024/08/31 12:00 a.m. | 249 views

WordPress WP GDPR Compliance Plugin Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WP GDPR Compliance Plugin Privilege Escalation', 'Description' = %q The Wordpress GDPR Compliance plugin 'Mikey Veenstra WordFence',...

CVSS 9.8 | AI score 7 | EPSS 0.87294
Exploits: 4

NVD
added 2024/08/26 5:15 p.m. | 10 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

CVSS 3.5 | EPSS 0.00188
Exploits: 1 | References: 2

Vulnrichment
added 2024/08/26 12:00 a.m. | 14 views

CVE-2024-42791

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deletegenre...

AI score 7.1 | EPSS 0.00581
Exploits: 1 | References: 2

Cvelist
added 2024/08/26 12:00 a.m. | 10 views

CVE-2024-42788

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields...

EPSS 0.00492
Exploits: 1 | References: 2

Cvelist
added 2024/08/15 3:00 a.m. | 27 views

CVE-2024-7812 SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental0/rental/ajax.php?action=savetenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to...

CVSS 5.3 | EPSS 0.00414
Exploits: 1 | References: 4

Vulnrichment
added 2024/08/15 3:00 a.m. | 13 views

CVE-2024-7812 SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental0/rental/ajax.php?action=savetenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to...

CVSS 5.3 | AI score 6.6 | EPSS 0.00414
Exploits: 1 | References: 4

NVD
added 2024/08/15 12:15 a.m. | 15 views

CVE-2024-7800

A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=deleteproduct. The manipulation of the argument id leads to sql injection. It is possible ...

CVSS 7.5 | EPSS 0.00442
Exploits: 1 | References: 4

Cvelist
added 2024/08/14 11:00 p.m. | 19 views

CVE-2024-7798 SourceCodester Simple Online Bidding System ajax.php sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username lead...

CVSS 7.5 | EPSS 0.00698
Exploits: 1 | References: 4

Cvelist
added 2024/08/14 11:00 p.m. | 19 views

CVE-2024-7797 SourceCodester Simple Online Bidding System ajax.php sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is...

CVSS 7.5 | EPSS 0.00661
Exploits: 1 | References: 4

Vulnrichment
added 2024/08/14 11:00 p.m. | 16 views

CVE-2024-7797 SourceCodester Simple Online Bidding System ajax.php sql injection

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is...

CVSS 7.5 | AI score 7.3 | EPSS 0.00661
Exploits: 1 | References: 4