242 matches found

Positive Technologies
added 2024/04/30 12:0 a.m. · 4 views

PT-2024-25115 · Thinksaas · Thinksaas

Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0
Description: A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. This...

CVSS 5.4 · AI score 5 · EPSS 0.00394
Exploits 1 · References 7

CNNVD
added 2024/04/25 12:0 a.m. · 2 views

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from when the buffer parameters are msg.data, self.code, .code, start, length...

CVSS 5.3 · AI score 7 · EPSS 0.00451
Exploits 0 · References 2

Positive Technologies
added 2024/03/28 12:0 a.m. · 5 views

PT-2024-18835 · WordPress · Christmas Greetings

Name of the Vulnerable Software and Affected Versions: Christmas Greetings plugin for WordPress versions 1.2.5 and earlier
Description: The issue is related to Reflected Cross-Site Scripting via the code parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.1 · AI score 8.8 · EPSS 0.00497
Exploits 0 · References 5

CNNVD
added 2024/03/21 12:0 a.m. · 4 views

Shenzhen Libituo Technology LBT-T300-mini Security Vulnerability

The Shenzhen Libituo Technology LBT-T300-mini is a mini-plug-in router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-mini v1.2.9, which is caused by a buffer overflow in the pincode3g parameter in /apply.cgi...

CVSS 5.3 · AI score 7.3 · EPSS 0.00482
Exploits 1 · References 2

VulnCheck KEV
added 2023/11/13 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2022-28079

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the coursecode parameter...

CVSS 8.8 · AI score 7.3 · EPSS 0.28285
Exploits 5 · References 1

OSV
added 2023/10/20 12:15 a.m. · 24 views

PYSEC-2023-214

Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirecturi and clientid are alterable when logging in. Consequently, the code parameter utilized to fetch the accesstoken post-authentication will be sent to the URL specified in the aforementioned...

CVSS 5.4 · AI score 7.1 · EPSS 0.00395
Exploits 0 · References 2

CNNVD
added 2023/07/13 12:0 a.m. · 3 views

ImpressCMS Cross-Site Scripting Vulnerability

ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...

CVSS 4.8 · AI score 6.1 · EPSS 0.00395
Exploits 1 · References 2

Positive Technologies
added 2023/04/14 12:0 a.m. · 2 views

PT-2023-17433 · Unknown · Campcodes Video Sharing Website

Name of the Vulnerable Software and Affected Versions: Campcodes Video Sharing Website version 1.0
Description: A critical issue has been found, affecting an unknown part of the file watch.php. The manipulation of the code argument leads to SQL injection. It is possible to initiate the attack...

CVSS 9.8 · AI score 8 · EPSS 0.00798
Exploits 1 · References 4

OSV
added 2023/03/15 4:15 p.m. · 3 views

CVE-2023-1418

A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument...

CVSS 6.1 · AI score 3.8
Exploits 0 · References 3

VulnCheck KEV
added 2023/01/14 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-23488

The Paid Memberships Pro WordPress Plugin, version 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route...

CVSS 9.8 · AI score 7.4 · EPSS 0.9246
Exploits 6 · References 1

CNNVD
added 2022/09/12 12:0 a.m. · 2 views

InventoryManagementSystem SQL Injection Vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...

CVSS 7.5 · AI score 8 · EPSS 0.00786
Exploits 1 · References 4

ATTACKERKB
added 2022/09/06 6:15 p.m. · 1 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

CVSS 6.4 · AI score 6.3 · EPSS 0.00757
Exploits 1 · References 5

OSV
added 2022/09/06 6:15 p.m. · 1 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

CVSS 5.4 · AI score 5.9 · EPSS 0.00757
Exploits 1 · References 4

CNNVD
added 2022/06/30 12:0 a.m. · 2 views

MyAdmin Security Vulnerability

MyAdmin is a backend management system for cdfan personal developers. A security vulnerability exists in MyAdmin v1.0, which stems from an incorrect access control vulnerability when viewing the Personal Center in /api/user/userData?userCode=admin...

CVSS 4.9 · AI score 5.3 · EPSS 0.00719
Exploits 1 · References 2

CNVD
added 2022/05/19 12:0 a.m. · 12 views

Covid-19 Travel Pass Management System SQL Injection Vulnerability

Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. It provides an online platform for individuals to submit travel passes within the Covid-19 restrictions. A SQL injection vulnerability exists in Covid-19 Travel Pass Management System version 1.0, which stems from...

CVSS 9.8 · AI score 9.5 · EPSS 0.01159
Exploits 1 · References 1

NVD
added 2022/05/17 8:15 p.m. · 9 views

CVE-2022-30054

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks...

CVSS 9.8 · EPSS 0.01159
Exploits 1 · References 1

Prion
added 2022/05/17 8:15 p.m. · 12 views

SQL injection

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks...

CVSS 7.5 · AI score 9.8 · EPSS 0.01159
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/05/17 12:0 a.m. · 3 views

Covid-19 Travel Pass Management System SQL Injection Vulnerability

Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. It provides an online platform for individuals to submit travel passes within the Covid-19 restrictions. A SQL injection vulnerability exists in Covid-19 Travel Pass Management System version 1.0, which stems from...

CVSS 9.8 · AI score 6 · EPSS 0.01159
Exploits 1 · References 2

ATTACKERKB
added 2022/05/05 5:15 p.m. · 3 views

CVE-2022-28079

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the coursecode parameter...

CVSS 8.8 · AI score 6 · EPSS 0.28285
Exploits 5 · References 6

OSV
added 2022/05/05 5:15 p.m. · 6 views

CVE-2022-28079

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the coursecode parameter...

CVSS 8.8 · AI score 7.3 · EPSS 0.28285
Exploits 5 · References 4