Lucene search
K

39 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.13 views

PT-2026-6102

Name of the Vulnerable Software and Affected Versions GLPI versions 0.85 through 10.0.22 Description GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...

8.8CVSS5.7AI score0.00264EPSS
Exploits0References7
EUVD
EUVD
added 2025/12/16 9:59 p.m.4 views

EUVD-2025-203855

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

6.5CVSS6.2AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/01 2:31 p.m.21 views

CVE-2025-1797 Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System anyUserBoundHouse.php sql injection

A vulnerability, which was classified as critical, has been found in Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System up to 20250217. Affected by this issue is some unknown functionality of the file /wuser/anyUserBoundHouse.php. The manipulation of the...

6.5CVSS0.00287EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/01 12:0 a.m.4 views

Zhonghe Baiyi Baiyiyun Asset Management and Operations System 注入漏洞

Zhonghe Baiyi Baiyiyun Asset Management and Operations System is an asset management and operations system of Zhonghe Baiyi, a Chinese company. An injection vulnerability exists in Zhonghe Baiyi Baiyiyun Asset Management and Operations System 20250217 and prior versions, which stems from SQL...

6.5CVSS7.5AI score0.00287EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/23 12:21 p.m.5 views

CVE-2025-1535

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/21 2:26 p.m.8 views

CVE-2025-1464

A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...

7.5CVSS7.2AI score0.00446EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/21 12:0 p.m.3 views

CVE-2025-1535 Baiyi Cloud Asset Management System admin.ticket.close.php sql injection

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...

7.5CVSS7.4AI score0.00404EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/21 12:0 p.m.20 views

CVE-2025-1535 Baiyi Cloud Asset Management System admin.ticket.close.php sql injection

A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...

7.5CVSS0.00404EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.3 views

Baiyi Cloud Asset Management System 注入漏洞

Baiyi Cloud Asset Management System is a cloud asset management system from Baiyi Corporation. An injection vulnerability exists in Baiyi Cloud Asset Management System version 8.142.100.161, which is caused by SQL injection of the parameter ticketid...

7.5CVSS7.9AI score0.00404EPSS
Exploits0References5
NVD
NVD
added 2025/02/19 2:15 p.m.5 views

CVE-2025-1464

A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...

7.5CVSS0.00446EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/19 1:31 p.m.6 views

CVE-2025-1464 Baiyi Cloud Asset Management System admin.house.collect.php sql injection

A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...

7.5CVSS7.5AI score0.00446EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/01/16 12:0 a.m.9 views

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

7.8CVSS5.4AI score0.00486EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.11 views

The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.

The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

5.5CVSS7.3AI score0.00488EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the GLPI reports’ reporting system, related to improper handling of input data during the generation of web pages used in SQL commands, allows attackers to carry out XSS attacks.

The vulnerability of the GLPI reports plugin relates to the proper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially crafted website...

6.4CVSS6.3AI score0.00361EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.8 views

The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.

The vulnerability of the GLPI system for handling requests and incidents is related to incorrect neutralization of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted RTF format data...

4.8CVSS7.3AI score0.00628EPSS
Exploits1References4Affected Software2
GithubExploit
GithubExploit
added 2023/10/13 6:19 p.m.19 views

Exploit for SQL Injection in Projectworlds Asset_Management_System_Project_In_Php

CVE-2023-43144 Description Assets Management System 1.0 is...

9.8CVSS10AI score0.00911EPSS
Exploits2
OSV
OSV
added 2023/09/28 10:15 p.m.6 views

CVE-2023-43014

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

8.8CVSS5.8AI score0.00646EPSS
Exploits1References2
NVD
NVD
added 2023/09/28 10:15 p.m.24 views

CVE-2023-43014

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

8.8CVSS9.1AI score0.00646EPSS
Exploits1References2
Prion
Prion
added 2023/09/28 10:15 p.m.20 views

Sql injection

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...

6.5CVSS9AI score0.00646EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder