70 matches found
PT-2022-26844 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the stateedit parameter at the "/hrm/state.php" API endpoint. There is no information...
CVE-2022-38265
Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php...
CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...
WordPress plugin Realty Workstation SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. SQL injection vulnerability exists in versions prior to WordPress Realty Workstation plugin 1.0.15,...
PT-2022-14049 · WordPress · Realty Workstation
Name of the Vulnerable Software and Affected Versions: The Realty Workstation WordPress plugin versions prior to 1.0.15 Description: The issue arises from the lack of sanitization and escaping of the trans edit parameter before its use in a SQL statement when an agent edits a transaction, leading...
CVE-2021-24553
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...
CVE-2021-26762
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...
White Shark System SQL注入漏洞
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A SQL injection vulnerability exists in White Shark...
Curfew e-Pass Management System 1.0 SQL Injection Vulnerability
Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...
CVE-2019-20337
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...
CVE-2018-19547
JTBCPHP 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter...
CVE-2018-10320
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layoutname parameter, aka Edit Layout...
CVE-2017-17893
Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...
Design/Logic Flaw
Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...
CVE-2017-15967
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...
LebiShop Mall Backend Arbitrary File Reading Vulnerability
LebiShop mall system is an online mall system using ASP.NET language. The system is widely used in small and medium-sized e-commerce enterprises. The management background of this mall system provides the editing function of the system template file. The file parameter of this function page is no...
SQL injection vulnerability in the id parameter of Ticketmaster ERP web-based ticketing system/Other/Edit.aspx?id=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
WordPress Amerisale Re Plugin -Reflected XSS
This plugin is prone to a cross site scripting vulnerability in netriesdetail/upload.php edit parameter. Solution Update the plugin...
WordPress Easing Slider Plugin <= 2.2.0.6 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "edit" parameter. Solution Upgrade the plugin...
CVE-2014-5276
Multiple cross-site scripting XSS vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via 1 an uploaded profile picture or 2 the edit parameter to profiles/index.php...