94 matches found
itsourcecode Placement Management System 注入漏洞
itsourcecode Placement Management System is an open source placement management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Placement Management System, which originates from a SQL injection due to incorrect manipulation of the parameter delete in th...
Code-Projects Online Restaurant Management System 注入漏洞
Code-Projects Online Restaurant Management System is a Code-Projects open source online restaurant management system. Code-Projects Online Restaurant Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameter del in the /admin/combo.ph...
CodeAstro Complaint Management System 安全漏洞
CodeAstro Complaint Management System is a complaint management system from CodeAstro. A security vulnerability exists in CodeAstro Complaint Management System v1.0, which stems from an IDOR vulnerability that can be exploited to execute arbitrary code and obtain sensitive information by modifyin...
CVE-2024-55496
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of addcompany.php. Actions on the delete parameter result in SQL injection...
PT-2024-36530 · Unknown · 1000Projects Bookstore Management System Php Mysql Project
Name of the Vulnerable Software and Affected Versions: 1000projects Bookstore Management System PHP MySQL Project version 1.0 Description: A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project. This issue affects some unknown functionality of the "add...
Cross-Site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-Site Request Forgery CSRF via the delete parameter, due to insufficient verification of the origin of HTTP requests. Remediation Upgrade mediawiki/cargo to version 3.7 or higher. References - Gerrit Mediawiki - Wikimedia Phabricat...
PT-2024-28332 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /admin/vpsApiData deal.php. The mudi parameter is involved, specifically when set to del. This allows for unauthorized actions to be...
CVE-2024-34955
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter...
CVE-2024-34955
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter...
Budget Management security breach
SourceCodester Budget Management System is an application from SourceCodester, Inc. It provides a function to calculate exact expenses through a web application. A security vulnerability exists in Budget Management version 1.0 that stems from the vulnerability to SQL injection attacks via the...
PT-2024-26270 · Unknown · Code-Projects Budget Management
Name of the Vulnerable Software and Affected Versions: Code-projects Budget Management version 1.0 Description: The issue is related to SQL Injection, which occurs via the delete parameter. This allows for potential manipulation of database queries. Recommendations: For Code-projects Budget...
Student Record System manage-courses.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the del parameter of the file /manage-courses.php?del=1. An attacker can exploit this vulnerability t...
PT-2024-20578 · Unknown · Surya2Developer Hostel Management System
Name of the Vulnerable Software and Affected Versions: Surya2Developer Hostel Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /admin/manage-students.php. The manipulation of the del argument leads to improper access...
CVE-2024-25212
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php...
CVE-2024-1251
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETESTR leads to sql injection. The exploit has been disclosed to the public and may be used...
CVE-2024-23870
A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability...
PT-2024-20139 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported due to insufficient encoding of user-controlled inputs. This issue can be exploited via the "/cupseasylive/stockissuancelist.php" API...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the delete parameter on the /cupseasylive/stockissuancelist.php page. An attacker could...
Task Reminder System SQL Injection Vulnerability
Task Reminder System is a Task Reminder System by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Task Reminder System version 1.0, which stems from the parameter id of the file classes/Users.php?f=delete that can lead to SQL injection...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...