52 matches found
CVE-2024-10840
A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akunedit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2025-3389
A vulnerability, which was classified as problematic, has been found in hailey888 oasystem up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to...
CVE-2025-3392
A vulnerability was found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site...
CVE-2025-3392
A vulnerability was found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site...
CVE-2025-3389
A vulnerability, which was classified as problematic, has been found in hailey888 oasystem up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument menu leads to...
CVE-2025-3390
A vulnerability, which was classified as problematic, was found in hailey888 oasystem up to 2025.01.01. Affected is the function addandchangeday of the file cn/gson/oass/controller/daymanager/DaymanageController.java of the component Backend. The manipulation of the argument scheduleList leads to...
PT-2025-15308 · Unknown · Hailey888 Oa System
Name of the Vulnerable Software and Affected Versions: hailey888 oa system versions up to 2025.01.01 Description: A problem has been found in the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The manipulation of the argument me...
CVE-2025-2686
A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request lea...
CVE-2025-0484
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfigdoedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit h...
PT-2025-3914 · Fanli2012 · Native-Php-Cms
Name of the Vulnerable Software and Affected Versions: Fanli2012 native-php-cms version 1.0 Description: A critical issue affects the processing of the file /fladmin/sysconfig doedit.php in the Backend component, leading to improper authorization. The attack can be initiated remotely...
CVE-2025-0398 longpi1 warehouse Backend updateInport cross site scripting
A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The...
PT-2024-17145 · E Lins · E-Lins H720 +6
Name of the Vulnerable Software and Affected Versions: E-Lins H685 versions up to 3.2 E-Lins H685f versions up to 3.2 E-Lins H700 versions up to 3.2 E-Lins H720 versions up to 3.2 E-Lins H750 versions up to 3.2 E-Lins H820 versions up to 3.2 E-Lins H820Q versions up to 3.2 E-Lins H820Q0 versions ...
CVE-2024-10842
A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/ProsesEditAkun.php of the component Backend. The manipulation of the argument UsernameBaru/Password leads to cross site...
CVE-2024-10840 romadebrian WEB-Sekolah Backend akun_edit.php cross site scripting
A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akunedit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting. It is possible to launch the attack remotely. The...
PT-2024-39548 · Unknown · Skyselang Yyladmin
Name of the Vulnerable Software and Affected Versions: skyselang yylAdmin versions up to 3.0 Description: A critical issue was found in the Backend component, specifically in the function list of the file /app/admin/controller/file/File.php. The manipulation of the is disable argument leads to SQ...
CVE-2024-7898
A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been...
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
CVE-2024-3227
A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the file /general/system/interface/themeset/saveimage.php of the component Backend. The manipulation of the argument imagetype leads to path traversal:...
Improper access control
A vulnerability has been found in Mandelo ssmshiroblog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public a...
Mandelo ssm_shiro_blog Access Control Error Vulnerability
ssmshiroblog is a blogging system for mandelo individual developers. An access control error vulnerability exists in Mandelo ssmshiroblog version 1.0, which stems from the presence of an unknown function in updateRoles in the component Backend, leading to incorrect access control...