52 matches found

CNNVD
added 2023/10/26 12:00 a.m., 4 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere V11.10 and earlier versions, v2017, which originates from the presence of an unknown function in general/system/approvecenter/flowsort/flow/delete.php, which can cause a SQL...

CVSS 7.5, AI score 8, EPSS 0.00046
Exploits: 1, References: 4
CNNVD
added 2023/10/20 12:00 a.m., 1 view

Tongda OA 2017 SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version, which originates from the existence of an unknown part of the file general/hr/training/record/delete.php, which leads to SQL injection via the parameter RECORDI...

CVSS 9.8, AI score 7.4, EPSS 0.00134
Exploits: 1, References: 4
BDU FSTEC
added 2023/10/03 12:00 a.m., 2 views

The vulnerability of the delete.php script (located at general/hr/manage/staff_title_evaluation/delete.php) within the Tongda OA automation tool for business processes, which allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the delete.php script located at general/hr/manage/staff_title_evaluation/delete.php within the Tongda OA automation tool relates to the failure to protect the SQL query structure during the processing of the EVALUATIONID parameter. Exploiting this vulnerability allows an...

CVSS 10, AI score 6.4, EPSS 0.0011
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2023/09/29 12:15 p.m., 2 views

CVE-2023-5261

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to SQL injection. The exploit has been disclosed to the public and may...

CVSS 9.8, AI score 5.5
Exploits: 0, References: 3
OSV
added 2023/09/17 10:15 p.m., 2 views

CVE-2023-5030

A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLANID leads to SQL injection. The exploit has been disclosed to the public and may be used...

CVSS 8.8, AI score 5.6, EPSS 0.00035
Exploits: 1, References: 3
ATTACKERKB
added 2022/08/30 9:15 p.m., 1 view

CVE-2022-36730

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php...

CVSS 9.8, AI score 7.4, EPSS 0.00264
Exploits: 1, References: 2
OSV
added 2022/08/30 9:15 p.m., 1 view

CVE-2022-36730

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php...

CVSS 9.8, AI score 5.8, EPSS 0.00264
Exploits: 1, References: 1
ATTACKERKB
added 2022/04/21 8:15 p.m., 1 view

CVE-2022-28006

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employeedelete.php...

CVSS 8.8, AI score 7.2, EPSS 0.00359
Exploits: 1, References: 4
OSV
added 2022/02/24 3:15 p.m., 2 views

CVE-2022-25404

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETESTR parameter...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
CNVD
added 2018/10/19 12:00 a.m., 1 view

PHPSHE Arbitrary File Deletion Vulnerability

PHPSHE is an online shopping mall system. The system supports express tracking, online chat, order evaluation and statistics. A security vulnerability exists in the admin.php?mod=db&act=del script in PHPSHE version 1.7. A remote attacker can exploit this vulnerability to delete arbitrary files wi...

CVSS 7.5, AI score 7.7, EPSS 0.00869
Exploits: 1, References: 1
Packet Storm
added 2012/07/31 12:00 a.m., 43 views

pBot Remote Code Execution

!/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions Tested on: Linux 3.2 use...

Exploits: 0
ATTACKERKB
added 2012/01/29 4:04 a.m., 1 view

CVE-2011-5068

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via userdelete.php and other unspecified programs...

CVSS 6.8, AI score 5.5, EPSS 0.00218
Exploits: 0, References: 6