242 matches found

Positive Technologies
added 2024/11/14 12:0 a.m. · 3 views

PT-2024-34437 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was discovered in the "/admin/add subject.php" and "/lms/admin/add subject.php" API endpoints, allowing remote attackers to execut...

CVSS: 5.4 · AI score: 6.2 · EPSS: 0.0038
Exploits: 1 · References: 5

CNNVD
added 2024/10/13 12:0 a.m. · 2 views

SourceCodester Online Eyewear Shop Website cross-site scripting vulnerability

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A cross-site scripting vulnerability exists in...

CVSS: 5.4 · AI score: 4.4 · EPSS: 0.00402
Exploits: 1 · References: 6

Positive Technologies
added 2024/10/12 12:0 a.m. · 3 views

PT-2024-39930 · Unknown · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability was found in the software, affecting an unknown function of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the Code argument leads to...

CVSS: 5.4 · AI score: 4.4 · EPSS: 0.00402
Exploits: 1 · References: 11

CNNVD
added 2024/09/19 12:0 a.m. · 3 views

Apex Softcell LD DP Back Office security vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that originates from improper validation of certain parameters "cCdslClicentcode" and "cLdClientCode". The vulnerability stems from improper validation of certain...

CVSS: 8.7 · AI score: 6.6 · EPSS: 0.0043
Exploits: 0 · References: 2

OSV
added 2024/08/31 5:15 a.m. · 1 view

CVE-2024-5212

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxregisterforumuser function. This makes it possible for...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00353
Exploits: 0 · References: 2

OSV
added 2024/08/31 5:15 a.m. · 3 views

CVE-2024-3886

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envatocode’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the onajaxcheckenvatocode function. This makes it possible for...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00391
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/30 12:0 a.m. · 3 views

PT-2024-35124 · Tagdiv · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer plugin for WordPress versions up to, and including, 5.0 Description: The issue is related to Reflected Cross-Site Scripting via the envato code parameter due to insufficient input sanitization and output escaping within the on...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.00353
Exploits: 0 · References: 9

CNNVD
added 2024/08/30 12:0 a.m. · 3 views

SourceCodester Electric Billing Management System SQL injection vulnerability

SourceCodester Electric Billing Management System is a SourceCodester open source electric billing management system. A SQL injection vulnerability exists in SourceCodester Electric Billing Management System version 1.0, which originates from an SQL injection vulnerability in the code parameter o...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.0062
Exploits: 1 · References: 7

Positive Technologies
added 2024/08/30 12:0 a.m. · 3 views

PT-2024-38954 · Sourcecodester · Sourcecodester Electric Billing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Electric Billing Management System version 1.0 Description: A critical issue affects some unknown functionality of the file "/?page=tracks" of the component Connection Code Handler. The manipulation of the code argument leads t...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.0062
Exploits: 1 · References: 9

OSV
added 2024/08/06 12:15 p.m. · 1 view

CVE-2024-33961

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...

CVSS: 7.5 · AI score: 5.8
Exploits: 0 · References: 1

OSV
added 2024/08/06 12:15 p.m. · 3 views

CVE-2024-33962

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in...

CVSS: 7.5 · AI score: 5.8 · EPSS: 0.00454
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 4 views

PT-2024-28903 · Shenzhen Libituo Technology Co. · Lbt-T300-T400

Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 version 3.2 Description: A stack overflow issue was discovered via the pin 3g code parameter in the config 3g para function. Recommendations: For version 3.2, avoid using the pin 3g code...

CVSS: 5.3 · AI score: 7.6 · EPSS: 0.00446
Exploits: 1 · References: 4

Positive Technologies
added 2024/07/16 12:0 a.m. · 5 views

PT-2024-5673 · Unknown · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue exists due to inadequate protection of the web page structure, specifically in the code parameter of the netshop CMS module. This allows a remote attacker to execute...

CVSS: 9 · AI score: 7.6
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/08 12:0 a.m. · 2 views

PT-2024-37159 · WordPress · The Houzez Theme

Name of the Vulnerable Software and Affected Versions: The Houzez Theme - Functionality plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to SQL Injection via the currency code parameter due to insufficient escaping on the user-supplied parameter and lack...

CVSS: 8.8 · AI score: 7.4 · EPSS: 0.00458
Exploits: 0 · References: 9

OSV
added 2024/06/13 2:15 a.m. · 4 views

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS: 9.8 · AI score: 6
Exploits: 0 · References: 2

CNNVD
added 2024/06/13 12:0 a.m. · 2 views

Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability

Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system developed by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Employee and Visitor Gate Pass Logging System version 1.0, which stems from an incorrect operation of the...

CVSS: 9.8 · AI score: 8.1 · EPSS: 0.00671
Exploits: 1 · References: 5

CNNVD
added 2024/06/10 12:0 a.m. · 3 views

BossCMS Security Breach

Wenzhou Huoyin Information Technology BossCMS is a MySQL-based content management system built on a self-developed PHP framework by Wenzhou Huoyin Information Technology. A security vulnerability exists in BossCMS v3.10, which is caused by a cross-site request forgery (CSRF) vulnerability i...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00165
Exploits: 1 · References: 2

CNNVD
added 2024/05/08 12:0 a.m. · 1 view

BlueNet Technology Clinical Browsing System SQL injection vulnerability

BlueNet Technology Clinical Browsing System is a clinical browsing system from BlueNet Technology. A SQL injection vulnerability exists in BlueNet Technology Clinical Browsing System version 1.2.1, which stems from an incorrect manipulation of the parameter INSTICODE that can lead to SQL injectio...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00838
Exploits: 1 · References: 5

OSV
added 2024/05/06 1:15 p.m. · 2 views

CVE-2024-33788

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint...

CVSS: 8 · AI score: 5.8 · EPSS: 0.01948
Exploits: 1 · References: 1

CVE
added 2024/04/30 12:0 a.m. · 52 views

CVE-2024-33102

CVE-2024-33102 affects ThinkSAAS v3.7.0, specifically the /pubs/counter.php component. The vulnerability is a stored XSS that allows an attacker to execute arbitrary web scripts or HTML by injecting a crafted payload into the code parameter. The CVSS v3.1 base score is 5.4 (Medium) with network a...

CVSS: 5.4 · AI score: 5.6 · EPSS: 0.00394
Exploits: 1 · References: 1 · Affected Software: 1