
1339 matches found

Prion
added 2023/06/06 8:15 p.m. | 19 views

Code injection

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=updateuser...

CVSS 5.8 | AI score 7.3 | EPSS 0.01112
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2023/06/02 1:15 p.m. | 14 views

Path traversal

A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The...

CVSS 4 | AI score 9.5 | EPSS 0.01208
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/06/02 12:31 p.m. | 24 views

CVE-2023-3057 YFCMF Ajax.php path traversal

A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The...

CVSS 4.3 | AI score 9.8 | EPSS 0.01208
Exploits: 1 | References: 3

wpexploit
added 2023/05/30 12:0 a.m. | 136 views

Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request. POST...

CVSS 8.8 | AI score 8.5 | EPSS 0.00331
Exploits: 1 | References: 1

NVD
added 2023/05/26 4:15 p.m. | 29 views

CVE-2023-33440

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=saveuser...

CVSS 7.2 | AI score 7.3 | EPSS 0.14507
Exploits: 4 | References: 2

wpexploit
added 2023/05/22 12:0 a.m. | 143 views

Icegram Engage < 3.1.12 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page with the code below...

CVSS 6.1 | AI score 5.7 | EPSS 0.00486
Exploits: 2

Prion
added 2023/05/07 3:15 p.m. | 17 views

Cross site scripting

A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complainttype with the input...

CVSS 4 | AI score 6.1 | EPSS 0.00549
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/05/07 3:0 p.m. | 19 views

CVE-2023-2565 SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting

A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complainttype with the input...

CVSS 4 | AI score 6.3 | EPSS 0.00549
Exploits: 1 | References: 3

NVD
added 2023/05/05 11:15 p.m. | 16 views

CVE-2023-29963

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...

CVSS 7.2 | AI score 7.4 | EPSS 0.01618
Exploits: 1 | References: 1

Prion
added 2023/05/05 11:15 p.m. | 17 views

Remote code execution

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...

CVSS 5.8 | AI score 7.4 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/05/05 12:0 a.m. | 24 views

CVE-2023-29963

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php...

AI score 7.7 | EPSS 0.01618
Exploits: 1 | References: 1

CVE
added 2023/05/05 12:0 a.m. | 64 views

CVE-2023-29963

S-CMS v5.0 contains an authenticated remote code execution (RCE) vulnerability in the /admin/ajax.php endpoint. CVSS v3.1 indicates Network access, high impact to confidentiality, integrity, and availability (base score 7.2). Exploit details are not provided beyond the authenticated RCE via this ...

CVSS 7.2 | AI score 7.4 | EPSS 0.01618
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2023/05/04 6:15 p.m. | 21 views

Out-of-bounds

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobileuploadsave. The manipulation of the argument uploadquwan leads to unrestricted upload. The attack may be launched...

CVSS 7.5 | AI score 9.3 | EPSS 0.32895
Exploits: 2 | References: 3 | Affected Software: 1

NVD
added 2023/04/28 12:15 p.m. | 14 views

CVE-2023-2365

A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=deletesubject. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVSS 9.8 | AI score 7.4 | EPSS 0.00743
Exploits: 1 | References: 3

Prion
added 2023/04/28 12:15 p.m. | 21 views

Sql injection

A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=deletesubject. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVSS 6.5 | AI score 9.7 | EPSS 0.00743
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/04/28 12:15 p.m. | 17 views

Sql injection

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=deleteclass. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

CVSS 6.5 | AI score 9.6 | EPSS 0.00798
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/04/28 12:0 p.m. | 17 views

CVE-2023-2366 SourceCodester Faculty Evaluation System sql injection

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=deleteclass. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

CVSS 6.5 | AI score 9.9 | EPSS 0.00798
Exploits: 1 | References: 3

Cvelist
added 2023/04/28 11:31 a.m. | 20 views

CVE-2023-2365 SourceCodester Faculty Evaluation System sql injection

A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=deletesubject. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVSS 6.5 | AI score 10 | EPSS 0.00743
Exploits: 1 | References: 3

CVE
added 2023/04/28 11:31 a.m. | 41 views

CVE-2023-2365

CVE-2023-2365 affects SourceCodester Faculty Evaluation System 1.0. The vulnerability is a SQL injection in the file ajax.php?action=delete_subject, triggered by manipulating the id argument. Many connected sources confirm remote exploitation and classify the issue as critical/high impact on conf...

CVSS 9.8 | AI score 8.3 | EPSS 0.00743
Exploits: 1 | References: 3 | Affected Software: 1

Huntr
added 2023/04/27 7:6 p.m. | 15 views

SQL Injection in expenses/ajax.php & loan-management/ajax.php

Description: An administrator user can use different operations and parameters to execute SQL queries.
- employeeId on operation addMonthlySalary in expenses/ajax.php.
- returnAdvancePaymentEmployee on operation returnAdvancePaymentSubmit, in expenses/ajax.php.
- id on operation editLoan in...

AI score 8.2
Exploits: 0