1339 matches found
Code injection
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via <ip>/eval/ajax.php?action=update_user...
Path traversal
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controller_name leads to path traversal: '../filedir'. The attack may be initiated remotely. The...
CVE-2023-3057 YFCMF Ajax.php path traversal
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controller_name leads to path traversal: '../filedir'. The attack may be initiated remotely. The...
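The two YFCMF entries above describe an admin Ajax handler that builds a file path from a request parameter. The following PHP is an added illustration of that pattern and its fix; it is not YFCMF's code, and the base directory, the `controller_name` parameter handling and the function names are assumptions made for the example.

```php
<?php
// Added illustration, not YFCMF's code. It models the shape the advisory
// describes: a controller name taken from the request and turned into a
// file path. CONTROLLER_DIR and the function names are assumptions.

declare(strict_types=1);

const CONTROLLER_DIR = __DIR__ . '/controllers';   // assumed base directory

// Vulnerable shape: the parameter lands in the path unchanged, so
// controller_name=../filedir resolves to a file outside CONTROLLER_DIR
// (and PHP strips nothing from '..', '/', or '\\' on its own).
function controller_path_vulnerable(string $controllerName): string
{
    return CONTROLLER_DIR . '/' . $controllerName . '.php';
}

// Hardened shape, two independent layers:
//  1. syntactic allow-list: only a bare identifier is accepted, so '../',
//     '/', '.', NUL bytes and URL-encoded variants all fail before any
//     filesystem access;
//  2. canonical-path containment: the resolved path must still sit under
//     the base directory, which also covers symlinks inside CONTROLLER_DIR.
// Returns null when the name is not acceptable or the file does not exist.
function controller_path_safe(string $controllerName): ?string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/', $controllerName)) {
        return null;
    }
    $base = realpath(CONTROLLER_DIR);
    $path = realpath(CONTROLLER_DIR . '/' . $controllerName . '.php');
    if ($base === false || $path === false) {
        return null;                      // base missing or file absent
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                      // escaped the base after resolution
    }
    return $path;
}

// Example use in a handler (the $_GET key is the advisory's parameter name):
//   $path = controller_path_safe((string)($_GET['controller_name'] ?? ''));
//   if ($path === null) { http_response_code(400); exit; }
//   require $path;
```

The allow-list on its own already stops the `'../filedir'` input from the advisory; the `realpath` containment check is kept as a second layer so that a later change to the regex, or a symlink dropped into the controller directory, does not silently reopen the traversal.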
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role by tricking a logged-in administrator into submitting a crafted request. POST...
CVE-2023-33440
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user...
Icegram Engage < 3.1.12 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open a page with the code below...
Cross site scripting
A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input...
CVE-2023-2565 SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting
A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input...
CVE-2023-29963
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...
Remote code execution
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...
CVE-2023-29963
S-CMS v5.0 contains an authenticated remote code execution (RCE) vulnerability in the /admin/ajax.php endpoint. CVSS v3.1 indicates Network access, high impact to confidentiality, integrity, and availability (base score 7.2). Exploit details are not provided beyond the authenticated RCE via this ...
Unrestricted upload
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched...
CVE-2023-2365
A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched...
Sql injection
A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched...
Sql injection
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2023-2366 SourceCodester Faculty Evaluation System sql injection
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2023-2365 SourceCodester Faculty Evaluation System sql injection
A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched...
CVE-2023-2365
CVE-2023-2365 affects SourceCodester Faculty Evaluation System 1.0. The vulnerability is a SQL injection in the file ajax.php?action=delete_subject, triggered by manipulating the id argument. Many connected sources confirm remote exploitation and classify the issue as critical/high impact on conf...
SQL Injection in expenses/ajax.php & loan-management/ajax.php
Description: An administrator user can use different operations and parameters to execute SQL queries: employeeId on operation addMonthlySalary in expenses/ajax.php; returnAdvancePaymentEmployee on operation returnAdvancePaymentSubmit in expenses/ajax.php; id on operation editLoan in...
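The SQL injection entries above (the SourceCodester Faculty Evaluation System `delete_subject` and `delete_class` actions, and the expenses/ajax.php operations) share one shape: a single `ajax.php` that routes on `?action=` and drops a request parameter such as `id` straight into a query. The PHP below is an added example of that dispatcher pattern beside a hardened version; it is not code from either project, and the `$conn` handle, the `subjects` table and the function names are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from the Faculty Evaluation System or the
// expenses module. It models the advisories' pattern: ajax.php routes on
// ?action= and builds SQL from $_GET['id']. $conn, the table name and the
// function names are assumptions.

declare(strict_types=1);

// Vulnerable shape: the id value is concatenated into the statement, so
//   ?action=delete_subject&id=1 OR 1=1
// deletes every row, and time-based payloads such as
//   ?action=delete_subject&id=1 AND SLEEP(5)
// give a blind oracle even though nothing is echoed back.
function delete_subject_vulnerable(mysqli $conn, array $get): bool
{
    $id  = $get['id'] ?? '';
    $sql = "DELETE FROM subjects WHERE id = " . $id;   // untrusted text becomes SQL
    return $conn->query($sql) !== false;
}

// Hardened shape: the id must be a positive integer, and the query binds
// it as a parameter so the value is sent separately from the SQL text and
// can never be parsed as part of the statement.
function delete_subject_safe(mysqli $conn, array $get): bool
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);
        return false;
    }
    $stmt = $conn->prepare('DELETE FROM subjects WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Dispatcher: only actions in the allow-list are reachable, so a stray
// ?action= value cannot select an unintended handler. The advisories also
// describe these actions as reachable without an authorization check; a
// real handler would verify the session role before entering the switch.
function dispatch(mysqli $conn, array $get): bool
{
    $handlers = [
        'delete_subject' => 'delete_subject_safe',
        // 'delete_class' => same pattern against the class table
    ];
    $action = $get['action'] ?? '';
    if (!isset($handlers[$action])) {
        http_response_code(404);
        return false;
    }
    return $handlers[$action]($conn, $get);
}

// Entry point in the real file would be:
//   $conn = new mysqli('localhost', 'user', 'password', 'faculty');   // assumed
//   dispatch($conn, $_GET);
```

The integer validation is what makes the `id OR 1=1` and `SLEEP()` inputs fail with a 400 before any database round trip; the prepared statement is the layer that still holds for parameters that legitimately carry free text, such as a complaint type or an employee name, where a type check alone cannot exclude quote characters.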