189 matches found
Cross site scripting
Cross Site Scripting XSS.vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php...
CVE-2021-42223
Cross Site Scripting XSS.vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php...
CVE-2021-42223
CVE-2021-42223 affects Online DJ Booking Management System 1.0. The vulnerability is a Cross-Site Scripting (XSS) in view-booking-detail.php. Root cause: unsanitized input leading to script execution. CVSS scores reported: CVSS v2.0 base score 4.3 (MEDIUM) and CVSS v3.1 base score 6.1 (MEDIUM). E...
Sql injection
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...
CVE-2020-21809
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the 1 listid parameter in detail.php and the 2 groupprice or groupid parameters in searchresult.php...
CVE-2020-21809
Summary: CVE-2020-21809 is a SQL Injection vulnerability in the NukeViet CMS module Shops affecting versions 4.0.29 and 4.3, exploitable via improper handling of input parameters (listid in detail.php; group_price or groupid in search_result.php). The vulnerability is documented with high/critica...
Sql injection
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php...
CVE-2021-28423
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php...
Online BookStore SQL Injection Vulnerability
Online BookStore is an online bookstore program. There is a sql injection vulnerability in Online Book Store v1.0. The vulnerability is caused by the id parameter in detail.php not filtering special characters, and an attacker can execute arbitrary SQL statements through this vulnerability...
CVE-2020-25487
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php...
Sql injection
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php...
CVE-2020-25487
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php...
CVE-2020-25487
The CVE-2020-25487 affects PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 . The vulnerability is an SQL Injection delivered via the endpoint zms/animal-detail.php , enabling manipulation of database queries. The source indicates the issue is tied to this endpoint; there is no av...
Find a Place CMS Directory 1.5 - SQL Injection
Exploit Title: Locations CMS 1.5 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/locations-multipurpose-cms-directory-theme/21098597 Version: 1.0 Category: Webapps Tested on:...
CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter...
CVE-2017-17636
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...
CVE-2017-17602
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php showid or view-product.php pid parameter...
Sql injection
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php showid or view-product.php pid parameter...
Sql injection
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter...
Sql injection
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php reportvideos array parameter...