11 matches found
EUVD-2021-28966
Malicious code in bioql PyPI...
Code-Projects Online Book Shop SQL Injection Vulnerability
Code-Projects Online Book Shop is an open source online bookstore from Code-Projects. Version 1.0 contains a SQL injection vulnerability in the subcatid parameter of the /booklist.php page...
1000 Projects Bookstore Management System Injection Vulnerability
1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. Version 1.0 contains an injection vulnerability that stems from the id parameter in the file /booklist.php, which can lead to SQL injection...
CVE-2021-41976
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...
CVE-2021-41567
The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...
CVE-2021-41564
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in...
CVE-2021-41564
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in...
Authorization
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...
CVE-2021-41976
The CVE refers to Tad Uploader where the edit book list function is vulnerable to an authorization bypass, allowing remote attackers to amend folder names in the book list without logging in. Affected product is Tad Uploader; the root cause is improper authorization on the book list edit operatio...
CVE-2021-41567
The CVE-2021-41567 entry describes stored XSS in Tad Uploader’s view book list function, caused by insufficient filtering of the add subject parameter. Unauthenticated attackers can remotely inject JavaScript and execute client-side code. This vulnerability is corroborated by multiple connected r...
Tad Uploader Cross-Site Scripting Vulnerability
Tad Uploader is a file upload management module by the individual developer of Tad in Taiwan, China. A cross-site scripting vulnerability exists in Tad Uploader, which stems from the failure of the add subject of the book list function in the product to properly filter certain special characters...