
33 matches found

CNNVD
added 2025/03/22 12:0 a.m., 1 view

crud code injection vulnerability

crud is a minimalist backend management system developed by Yang Youwang, an individual developer in China. A code injection vulnerability exists in crud version 1.0.0, which originates from a cross-site scripting attack...

4.8 CVSS, 4.3 AI score, 0.0009 EPSS
Exploits 0, References 4

NVD
added 2024/10/10 9:15 p.m., 8 views

CVE-2024-9812

A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

9.8 CVSS, 0.00099 EPSS
Exploits 1, References 5

Cvelist
added 2024/09/07 8:31 p.m., 26 views

CVE-2024-8564 SourceCodester PHP CRUD update.php sql injection

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tblpersonid/firstname/middlename/lastname leads to sql injection. The attack can be initiated...

6.5 CVSS, 0.00096 EPSS
Exploits 0, References 4

NVD
added 2024/09/07 8:15 p.m., 15 views

CVE-2024-8563

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS, 0.00127 EPSS
Exploits 1, References 4

NVD
added 2024/09/07 7:15 p.m., 40 views

CVE-2024-8561

A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack...

9.8 CVSS, 0.00096 EPSS
Exploits 0, References 4

Cvelist
added 2024/09/07 7:0 p.m., 19 views

CVE-2024-8562 SourceCodester PHP CRUD Add.php cross site scripting

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...

5.3 CVSS, 0.00127 EPSS
Exploits 0, References 3

Vulnrichment
added 2024/09/07 7:0 p.m., 11 views

CVE-2024-8562 SourceCodester PHP CRUD Add.php cross site scripting

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/Add.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. The attack may be launched...

5.3 CVSS, 6.3 AI score, 0.00127 EPSS
Exploits 0, References 3

Cvelist
added 2024/09/07 6:31 p.m., 16 views

CVE-2024-8561 SourceCodester PHP CRUD Delete Person delete.php sql injection

A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack...

6.5 CVSS, 0.00096 EPSS
Exploits 0, References 4

OSV
added 2024/06/05 3:10 p.m., 30 views

GO-2024-2629 Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana

Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

8.8 CVSS, 6.8 AI score, 0.00209 EPSS
Exploits 0, References 3

CVE
added 2024/03/12 1:0 p.m., 51 views

CVE-2024-2393

SourceCodester CRUD without Page Reload 1.0 is affected by a SQL injection in add_user.php via the city parameter. This vulnerability is exploitable remotely and has had an exploit disclosed publicly. Affected functionality is described as unknown in the file add_user.php; no product/vendor versi...

9.8 CVSS, 6.8 AI score, 0.00143 EPSS
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2024/03/12 1:0 p.m., 9 views

CVE-2024-2393 SourceCodester CRUD without Page Reload add_user.php sql injection

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The...

6.5 CVSS, 7.4 AI score, 0.00143 EPSS
Exploits 1, References 3

GitHub Security Blog
added 2024/03/07 6:30 p.m., 39 views

Grafana's users with permissions to create a data source can CRUD all data sources

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

8.8 CVSS, 6.7 AI score, 0.00209 EPSS
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2024/03/07 5:45 p.m., 18 views

CVE-2024-1442 User with permissions to create a data source can CRUD all data sources

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read, query, edit and delete all data sources within the organization...

6 CVSS, 6.6 AI score, 0.00209 EPSS
Exploits 0, References 1

CVE
added 2024/02/29 2:13 a.m., 131 views

CVE-2023-38367

The CVE-2023-38367 entry concerns IBM Cloud Pak Foundational Services Identity Provider (idP) API in IBM Cloud Pak for Automation across multiple releases (18.0.0 through 22.0.2 with various fixes). The issue allows CRUD operations with an invalid token, enabling an unauthenticated attacker to vi...

6.5 CVSS, 6.3 AI score, 0.00079 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2024/02/03 4:16 p.m., 10 views

CVE-2024-1215

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...

6.1 CVSS, 4.4 AI score, 0.00169 EPSS
Exploits 1, References 3

Prion
added 2024/02/03 4:16 p.m., 21 views

Cross site scripting

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...

4 CVSS, 6.4 AI score, 0.00169 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2024/02/03 3:31 p.m., 14 views

CVE-2024-1215 SourceCodester CRUD without Page Reload fetch_data.php cross site scripting

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...

4 CVSS, 6.2 AI score, 0.00169 EPSS
Exploits 1, References 3

CVE
added 2024/02/03 3:31 p.m., 135 views

CVE-2024-1215

CVE-2024-1215 affects SourceCodester CRUD without Page Reload 1.0. The vulnerability resides in fetch_data.php where manipulating the username or city parameter triggers a cross-site scripting (XSS) issue. Exploitation can be performed remotely, and public PoCs/claims exist. The issue is tied to ...

6.1 CVSS, 6 AI score, 0.00169 EPSS
Exploits 1, References 3, Affected Software 1

Veracode
added 2023/06/30 12:43 p.m., 24 views

Information Disclosure

flaskappbuilder is vulnerable to Information Disclosure. The vulnerability exists in the crud operator functions in interface.py due to log messages which are not properly sanitized during database errors, allowing an admin authenticated attacker to gain access to sensitive user information such ...

2.7 CVSS, 6.7 AI score, 0.00472 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2023/06/23 8:15 p.m., 9 views

CVE-2023-35167

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance they are not authorized to access can gain...

6.3 CVSS, 5.3 AI score, 0.00073 EPSS
Exploits 0, References 3