
136 matches found

Positive Technologies · added 2024/01/13 12:00 a.m. · 1 views

PT-2024-15626 · Unknown · Haokekeji Yiqiniu

Name of the Vulnerable Software and Affected Versions: HaoKeKeJi YiQiNiu versions up to 3.1 Description: A critical issue has been found in the software, affecting the function http post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side...

CVSS 9.8 · AI score 7.5 · EPSS 0.00152
Exploits 1 · References 9

NVD · added 2023/12/10 11:15 p.m. · 12 views

CVE-2023-6658

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=saveattendance. The manipulation of the argument classid leads to sql injection. The exploit has been disclosed to the...

CVSS 9.8 · EPSS 0.00051
Exploits 0 · References 3

Prion · added 2023/12/10 11:15 p.m. · 15 views

Sql injection

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=saveattendance. The manipulation of the argument classid leads to sql injection. The exploit has been disclosed to the...

CVSS 5.2 · AI score 7.8 · EPSS 0.00051
Exploits 0 · References 3 · Affected Software 1

Vulnrichment · added 2023/12/10 11:00 p.m. · 16 views

CVE-2023-6658 SourceCodester Simple Student Attendance System sql injection

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=saveattendance. The manipulation of the argument classid leads to sql injection. The exploit has been disclosed to the...

CVSS 5.5 · AI score 7.5 · EPSS 0.00051
Exploits 0 · References 3

CVE · added 2023/12/10 11:00 p.m. · 29 views

CVE-2023-6658

Affected software: SourceCodester Simple Student Attendance System 1.0. Vulnerability: SQL injection in the file ajax-api.php?action=save_attendance caused by unsafely handling the class_id parameter. The exploit has been disclosed publicly. Impact: As described in the sources, this can compro...

CVSS 9.8 · AI score 7 · EPSS 0.00051
Exploits 0 · References 3 · Affected Software 1

OSV · added 2023/09/29 10:15 p.m. · 1 views

CVE-2023-5296

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched...

CVSS 7.5 · AI score 4.8
Exploits 0 · References 3

Prion · added 2023/09/29 10:15 p.m. · 16 views

Design/Logic Flaw

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched...

CVSS 4 · AI score 7.6 · EPSS 0.0005
Exploits 1 · References 3 · Affected Software 1

Vulnrichment · added 2023/08/20 12:00 a.m. · 17 views

CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any sanitization...

AI score 8.4 · EPSS 0.83677
Exploits 3 · References 5

Veracode · added 2023/05/04 5:19 a.m. · 25 views

Improper Privilege Management

microweber/microweber is vulnerable to Improper Privilege Management. The vulnerability exists due to a lack of authorization checks in the apiResource parameter of api.php, which allows an attacker to provide malicious configuration-related API parameter...

CVSS 8.8 · AI score 8.3 · EPSS 0.00283
Exploits 2 · References 3 · Affected Software 1

Cvelist · added 2023/03/17 6:28 a.m. · 13 views

CVE-2023-1442 Meizhou Qingyunke QYKCMS Update api.php unrestricted upload

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /adminsystem/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...

CVSS 5.8 · AI score 7.3 · EPSS 0.00509
Exploits 1 · References 3

Vulnrichment · added 2023/03/17 6:28 a.m. · 6 views

CVE-2023-1442 Meizhou Qingyunke QYKCMS Update api.php unrestricted upload

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /adminsystem/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the...

CVSS 5.8 · AI score 6.9 · EPSS 0.00509
Exploits 1 · References 3

Cvelist · added 2023/03/06 2:31 p.m. · 11 views

CVE-2015-10094 Fastly Plugin api.php post cross site scripting

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...

CVSS 3.3 · AI score 6 · EPSS 0.00285
Exploits 0 · References 4

Prion · added 2023/02/07 6:15 p.m. · 29 views

Default credentials

TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response...

CVSS 5 · AI score 7.7 · EPSS 0.94404
Exploits 9 · References 5 · Affected Software 1

Prion · added 2023/01/15 8:15 a.m. · 17 views

Sql injection

A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file docroot/publichtml/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The identifier of the patch is...

CVSS 7.5 · AI score 9.8 · EPSS 0.00347
Exploits 0 · References 4 · Affected Software 1

Cvelist · added 2023/01/15 7:23 a.m. · 13 views

CVE-2022-4889 visegripped Stracker api.php getHistory sql injection

A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file docroot/publichtml/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The identifier of the patch is...

CVSS 5.5 · AI score 10 · EPSS 0.00347
Exploits 0 · References 4

OSV · added 2023/01/11 3:15 p.m. · 8 views

CVE-2017-20168

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommende...

CVSS 9.8 · AI score 7.5
Exploits 0 · References 4

Prion · added 2023/01/11 3:15 p.m. · 9 views

Sql injection

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommende...

CVSS 7.5 · AI score 9.6 · EPSS 0.00347
Exploits 0 · References 4 · Affected Software 1

OSV · added 2022/06/17 1:15 p.m. · 0 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2

Prion · added 2022/06/17 1:15 p.m. · 10 views

Sql injection

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

CVSS 7.5 · AI score 9.8 · EPSS 0.00732
Exploits 1 · References 2 · Affected Software 1

CVE · added 2022/06/17 10:09 a.m. · 56 views

CVE-2021-41408

CVE-2021-41408 concerns VoIPmonitor WEB GUI (up to 24.61). The vulnerability is a SQL injection through the api.php endpoint via the user parameter, caused by missing input filtering/escaping. Exploitation could allow an attacker to execute arbitrary SQL commands and access stolen data, as indica...

CVSS 9.8 · AI score 9.8 · EPSS 0.00732
Exploits 1 · References 2 · Affected Software 1