Lucene search
K

92 matches found

Cvelist
Cvelist
added 2025/06/30 2:32 a.m.10 views

CVE-2025-6883 code-projects Staff Audit System update_index.php sql injection

A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /updateindex.php. The manipulation of the argument updateid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

6.5CVSS0.00252EPSS
Exploits1References5
CVE
CVE
added 2025/06/30 2:32 a.m.23 views

CVE-2025-6883

Staff Audit System 1.0 contains a SQL injection vulnerability in /update_index.php via the updateid parameter. Root cause: unsanitized SQL statements from externally provided updateid. Impact: remote attacker can execute arbitrary SQL, potentially stealing data. Exploitation is publicly disclosed...

6.5CVSS7.8AI score0.00252EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/06/30 12:0 a.m.5 views

Code-Projects Staff Audit System 安全漏洞

Staff Audit System is an employee audit system. Staff Audit System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter updateid in the file /updateindex.php. An attacker can exploit this vulnerability to...

6.5CVSS7AI score0.00252EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.9 views

PT-2025-27403

Name of the Vulnerable Software and Affected Versions: code-projects Staff Audit System version 1.0 Description: A critical issue has been found in the Staff Audit System, affecting the processing of the file /search index.php. The manipulation of the Search argument leads to SQL injection. This...

8.8CVSS6.3AI score0.00318EPSS
Exploits1References10
CNVD
CNVD
added 2025/06/05 12:0 a.m.1 views

Command Execution Vulnerability in SecFox Operations and Maintenance Security Management and Audit System of Chianxin Technology Group Co.

SecFox O&M Security Management and Audit System is an O&M security management solution that integrates authentication, account management, privilege control, and O&M audit, providing unified O&M authentication, fine-grained privilege control, real-time supervision, and after-the-fact traceability...

7.6AI score
Exploits0
CNVD
CNVD
added 2025/06/04 12:0 a.m.3 views

Command Execution Vulnerability in Panabit Log Audit System of Beijing Paiwang Software Co.

Beijing PaiNet Software Co., Ltd. is a technology company focusing on providing network application layer solutions for the government and enterprise industries. A command execution vulnerability exists in the panabit log auditing system of Beijing Pai Networks Software Co. Ltd, which can be...

7.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/31 3:8 p.m.10 views

CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...

4.3CVSS4.5AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/31 3:8 p.m.23 views

CVE-2025-27095 JumpServer has a Kubernetes Token Leak Vulnerability

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...

4.3CVSS0.00307EPSS
Exploits1References1
CNVD
CNVD
added 2025/01/28 12:0 a.m.5 views

File Upload Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

Shanghai Shangxun Information Technology Co., Ltd. is a leading provider specializing in information security technology. A file upload vulnerability exists in the Operations and Maintenance Management and Audit System of Shanghai Shangxun Information Technology Company Limited, which can be...

7.2AI score
Exploits0
CNVD
CNVD
added 2025/01/08 12:0 a.m.6 views

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...

8AI score
Exploits0
CNVD
CNVD
added 2024/11/28 12:0 a.m.2 views

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd. is one of the leading domestic suppliers in the fields of data, intelligent security operation and maintenance, mobile security and security services. A command execution vulnerability exists in the Operations and...

7.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/29 2:57 p.m.20 views

CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery

JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...

9.9CVSS9.5AI score0.05939EPSS
Exploits1References2
OSV
OSV
added 2024/03/29 2:45 p.m.9 views

CVE-2024-29024 JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality

JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference IDOR vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromisi...

4.6CVSS6.8AI score0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/30 11:53 p.m.15 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7CVSS7AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2023/10/30 11:53 p.m.42 views

CVE-2023-46138

CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...

5.3CVSS4.9AI score0.00316EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.25 views

Design/Logic Flaw

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...

5CVSS5.5AI score0.00705EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2023/10/12 12:0 a.m.19 views

Command Execution Vulnerability in Tianyue Network Security Audit System of Qixingchen Information Technology Group Co. Ltd (CNVD-2023-85472)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,...

7.9AI score
Exploits0
CNVD
CNVD
added 2023/09/18 12:0 a.m.10 views

Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co.

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of Fuji...

7.6AI score
Exploits0
CNVD
CNVD
added 2023/08/28 12:0 a.m.9 views

Command execution vulnerability in Qixingchen Tianyue Network Security Audit System (CNVD-2023-71706)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...

7.6AI score
Exploits0
CNVD
CNVD
added 2022/07/21 12:0 a.m.20 views

Arbitrary File Read Vulnerability in Istar Database Auditing System

Founded in 2003, Beijing Yisetong Technology Development Co., Ltd. is a professional and comprehensive data security vendor in the field of data security. There is an arbitrary file reading vulnerability in Yisetong database auditing system, which can be exploited by an attacker to read any file ...

7.1AI score
Exploits0
Rows per page
Query Builder