CVE-2024-2682 Campcodes Online Job Finder System controller.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely...

CVE-2024-2682 Campcodes Online Job Finder System controller.php cross site scripting

A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely...

CVE-2024-2676 Campcodes Online Job Finder System controller.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVE-2024-2676 Campcodes Online Job Finder System controller.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVE-2024-2672 Campcodes Online Job Finder System controller.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The...

CVE-2024-2672 Campcodes Online Job Finder System controller.php sql injection

A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The...

CVE-2024-2672

CVE-2024-2672 affects Campcodes Online Job Finder System 1.0. The Red Hat and vendor records confirm a SQL injection vulnerability in the /admin/user/controller.php file, triggered by manipulating the UESRID parameter. The issue is exploitable remotely and, per disclosures, the exploit is public....

CVE-2024-2668 Campcodes Online Job Finder System controller.php sql injection

A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

CVE-2024-25166

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

Cross-Site Scripting(XSS)

Concrete CMS is vulnerable to Cross Site Scripting XSS. The Vulnerability is due to missing validation in the getTitle function in controller.php. This could allow an attacker to inject malicious scripts...

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

Code injection

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

CVE-2023-42398

The CVE-2023-42398 issue affects zzCMS v.2023, where an attacker can remotely execute arbitrary code and disclose sensitive data through the ueditor component in controller.php. The vulnerability is associated with zzCMS 2023 and involves the ueditor integration in controller.php, enabling code e...

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

Insecure Cookies

concrete5/concrete5 is vulnerable to Insecure Cookies. The vulnerability exists in controller.php because the ccmPoll cookie parameters do not have secure and http only attributes which allows an attacker to gain access to session and perform unauthorized actions...