
207 matches found

Positive Technologies
added 2023/04/13 12:0 a.m. · 3 views

PT-2023-21361 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2
Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delete file function.
Recommendations: For bloofox version 0.5.2, consider disabling the delete...

CVSS 9.1 · AI score 9.1 · EPSS 0.01311
Exploits: 1 · References: 10
Prion
added 2023/04/04 3:15 p.m. · 21 views

SQL injection

SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page...

CVSS 6.5 · AI score 9 · EPSS 0.00672
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2023/03/23 8:15 a.m. · 2 views

CVE-2023-1589

A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approvedelete.php. The manipulation of the argument id leads to sql injection. The attack can be...

CVSS 9.8 · AI score 6.6
Exploits: 0 · References: 3
CNNVD
added 2023/01/12 12:0 a.m. · 3 views

Helm and Helmet Store Showroom Site SQL injection vulnerability

Helmet Store Showroom Site is a platform by Carlo Montero Personal Developer. Allows potential customers of Inquiries Stores to virtually display helmet products. Helmet Store Showroom Site v1.0 suffers from a SQL injection vulnerability that originates from an SQL injection via...

CVSS 7.2 · AI score 7.3 · EPSS 0.0026
Exploits: 1 · References: 2
CNNVD
added 2022/11/07 12:0 a.m. · 2 views

Online Diagnostic Lab Management System SQL injection vulnerability

Online Diagnostic Lab Management System is an online diagnostic lab management system. A security vulnerability exists in Online Diagnostic Lab Management System v1.0, which stems from the id parameter of its /odlms/classes/Users.php?f=delete component that allows an attacker to implement SQL...

CVSS 7.2 · AI score 7.2 · EPSS 0.00274
Exploits: 1 · References: 2
CNNVD
added 2022/10/19 12:0 a.m. · 3 views

OpenCats SQL injection vulnerability

OpenCats is an open source recruitment process management system. OpenCats v0.9.6 suffers from a SQL injection vulnerability that stems from a security issue with the tagid variable in the tag delete function. No detailed vulnerability details are provided at this time...

CVSS 6.5 · AI score 7.8 · EPSS 0.00279
Exploits: 2 · References: 2
Prion
added 2022/06/16 8:15 p.m. · 12 views

Design/Logic Flaw

An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...

CVSS 5 · AI score 7.5 · EPSS 0.00456
Exploits: 2 · References: 2 · Affected Software: 1
OSV
added 2022/05/14 1:57 a.m. · 10 views

GHSA-75FM-52MM-Q5RM ThinkPHP SQL injection vulnerability

In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...

CVSS 9.8 · AI score 9.9 · EPSS 0.0025
Exploits: 1 · References: 3
ATTACKERKB
added 2022/04/21 8:15 p.m. · 2 views

CVE-2022-28429

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...

CVSS 9.8 · AI score 5.9 · EPSS 0.00264
Exploits: 1 · References: 2
CNNVD
added 2022/04/21 12:0 a.m. · 1 views

Car Driving School Management System SQL injection vulnerability

Car Driving School Management System is a driving school management system. A SQL injection vulnerability exists in Car Driving School Management System, which originates from /cdsms/classes/Master.php?f=delete. The vulnerability is caused by the lack of filtering and escaping of SQL data in the id...

CVSS 9.8 · AI score 6.1 · EPSS 0.00377
Exploits: 1 · References: 2
CNNVD
added 2022/01/11 12:0 a.m. · 2 views

CScms SQL injection vulnerability

CScms is a content management system CMS developed on the CI framework. cscms has a security vulnerability that stems from the fact that cscms v4.1 allows SQL injection via the js del function. No detailed vulnerability details are available...

CVSS 9.8 · AI score 5.8 · EPSS 0.00264
Exploits: 1 · References: 2
OSV
added 2021/12/22 7:15 p.m. · 1 views

CVE-2021-21908

Specially-crafted command line arguments can lead to arbitrary file deletion. The handledelete function does not attempt to sanitize or otherwise validate the contents of the file parameter passed to the function as argv1, allowing an authenticated attacker to supply directory traversal primitive...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 1
CNNVD
added 2021/12/22 12:0 a.m. · 0 views

GPAC resource management error vulnerability

GPAC is an open source multimedia framework. Version 1.1.0 of GPAC contains a security vulnerability that originates from the gfsgcommanddel function in the software and can be exploited to cause segmentation errors and application crashes...

CVSS 5.5 · AI score 7.7 · EPSS 0.00288
Exploits: 1 · References: 3
OSV
added 2021/11/23 5:59 p.m. · 14 views

GHSA-2XWQ-H7R9-6W27 Cross-site Scripting in kimai2

Cross site request forgery vulnerability is present in delete functionality of doctor feature. This vulnerability is capable of deleting system logs...

CVSS 4.6 · AI score 4.5 · EPSS 0.00089
Exploits: 1 · References: 3
OSV
added 2021/09/20 8:46 p.m. · 0 views

GHSA-8V63-CQQC-6R2C Prototype Pollution in object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'. The del function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like...

CVSS 7.5 · AI score 7.1 · EPSS 0.0065
Exploits: 1 · References: 5
CNNVD
added 2021/09/15 12:0 a.m. · 2 views

Jfinal CMS path traversal vulnerability

Jfinal CMS is a powerful information consulting website developed in Java that uses JFinal as the web framework, beetl for the template engine, mysql for the database, and the bootstrap framework for the front-end. Improper access control vulnerabilities exist in Jfinal CMS 4.7.1 and earlier versions...

CVSS 8.1 · AI score 5.6 · EPSS 0.00584
Exploits: 1 · References: 2
OSV
added 2021/02/01 6:15 p.m. · 0 views

CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 1
NVD
added 2021/02/01 6:15 p.m. · 10 views

CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability...

CVSS 7.5 · AI score 7.6 · EPSS 0.00456
Exploits: 1 · References: 1
CNNVD
added 2021/02/01 12:0 a.m. · 3 views

yccms project path traversal vulnerability

YCCMS is a Php-based lightweight CMS builder from the Yccms team. YCCMS 3.3 has a path traversal vulnerability, which stems from an error in the judgment of request parameters by the delete, deletesite, and deleteAll functions. No detailed vulnerability details are available...

CVSS 7.5 · AI score 7.1 · EPSS 0.00456
Exploits: 1 · References: 2
Hacker One
added 2020/04/28 10:30 p.m. · 78 views

RGhost: Idor on the DELETE /comments/

Summary: Idor on /comments Steps To Reproduce: Make sure you have 2 different ID's to maintain 2 different session for ensurity 1. The request can be tamper with the ID of different comment both the functions of edit/delete can be used 2. Delete gets hampered with the Captcha which is thrown but...

AI score 1.6
Exploits: 0