1339 matches found
CVE-2024-11743 SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=deleteuser of the component POST Request Handler. The manipulation leads to cross-site request forgery. It...
CVE-2024-11742 SourceCodester Best House Rental Management System ajax.php cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=savetenant. The manipulation of the argument lastname/firstname/middlename leads to cross...
CVE-2024-11054 SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. Th...
CVE-2024-10349 SourceCodester Best House Rental Management System ajax.php delete_tenant sql injection
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function deletetenant of the file /ajax.php?action=deletetenant. The manipulation of the argument id leads to sql injection. The attack may be launched...
CVE-2024-35584
The OpenSIS Open Source Community Edition (versions 8.0–9.1, possibly earlier) contains a SQL injection flaw in Ajax.php, ForWindow.php, ForExport.php, Modules.php, and functions/HackingLogFnc.php. The root cause is direct concatenation of the HTTP_X_FORWARDED_FOR header value into SQL INSERT sta...
CVE-2024-9039 SourceCodester Best House Rental Management System ajax.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=signup. The manipulation of the argument firstname/lastname/email leads to sql injection...
CVE-2024-9033 SourceCodester Best House Rental Management System ajax.php cross site scripting
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=savecategory. The manipulation of the argument name leads to cross site scripting. The...
CVE-2024-42794
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control in the /music/ajax.php?action=save_user endpoint. The root cause is an access-control flaw that may allow unauthorized actions via the save_user function, potentially enabling account-related manipulation. Public ref...
CVE-2024-8567 itsourcecode Payroll Management System ajax.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletedeductions. The manipulation of the argument id leads to sql injection. The attack may be initiated...
WordPress WP GDPR Compliance Plugin Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WP GDPR Compliance Plugin Privilege Escalation', 'Description' = %q The Wordpress GDPR Compliance plugin 'Mikey Veenstra WordFence',...
CVE-2024-42792
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...
CVE-2024-42791
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deletegenre...
CVE-2024-42788
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields...
CVE-2024-7812 SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental0/rental/ajax.php?action=savetenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to...
CVE-2024-7800
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=deleteproduct. The manipulation of the argument id leads to sql injection. It is possible ...
CVE-2024-7798 SourceCodester Simple Online Bidding System ajax.php sql injection
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username lead...
CVE-2024-7797 SourceCodester Simple Online Bidding System ajax.php sql injection
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is...