Lucene search
K

70 matches found

Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.4 views

PT-2022-26844 · Unknown · Human Resource Management System

Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the stateedit parameter at the "/hrm/state.php" API endpoint. There is no information...

8.8CVSS8.7AI score0.00809EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/09/08 8:10 p.m.22 views

CVE-2022-38265

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php...

7.5AI score0.00734EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/06/16 6:26 p.m.25 views

CVE-2020-35597

Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...

9.1AI score0.01442EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.5 views

WordPress plugin Realty Workstation SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. SQL injection vulnerability exists in versions prior to WordPress Realty Workstation plugin 1.0.15,...

4.9CVSS6.1AI score0.00951EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/06/06 12:0 a.m.5 views

PT-2022-14049 · WordPress · Realty Workstation

Name of the Vulnerable Software and Affected Versions: The Realty Workstation WordPress plugin versions prior to 1.0.15 Description: The issue arises from the lack of sanitization and escaping of the trans edit parameter before its use in a SQL statement when an agent edits a transaction, leading...

4.9CVSS5.4AI score0.00951EPSS
Exploits2References6
OSV
OSV
added 2021/08/23 12:15 p.m.5 views

CVE-2021-24553

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...

7.2CVSS5.8AI score0.01578EPSS
Exploits2References2
OSV
OSV
added 2021/07/22 4:15 p.m.2 views

CVE-2021-26762

SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...

8.8CVSS7.6AI score0.02265EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.3 views

White Shark System SQL注入漏洞

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A SQL injection vulnerability exists in White Shark...

7.5CVSS6AI score0.01669EPSS
Exploits1References2
0day.today
0day.today
added 2020/08/06 12:0 a.m.222 views

Curfew e-Pass Management System 1.0 SQL Injection Vulnerability

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...

0.4AI score
Exploits0
NVD
NVD
added 2020/01/05 10:15 p.m.29 views

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...

7.2CVSS7.2AI score0.0104EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/11/26 7:29 a.m.1 views

CVE-2018-19547

JTBCPHP 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter...

6.1CVSS5.3AI score0.0073EPSS
Exploits1References3
OSV
OSV
added 2018/04/24 2:29 a.m.4 views

CVE-2018-10320

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layoutname parameter, aka Edit Layout...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2017/12/27 5:8 p.m.3 views

CVE-2017-17893

Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...

6.1CVSS5.4AI score0.00683EPSS
Exploits1References2
Prion
Prion
added 2017/12/27 5:8 p.m.16 views

Design/Logic Flaw

Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...

4.3CVSS6AI score0.00683EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/10/29 6:29 a.m.4 views

CVE-2017-15967

Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template...

9.8CVSS5.8AI score0.02066EPSS
Exploits4References2
CNVD
CNVD
added 2016/05/09 12:0 a.m.7 views

LebiShop Mall Backend Arbitrary File Reading Vulnerability

LebiShop mall system is an online mall system using ASP.NET language. The system is widely used in small and medium-sized e-commerce enterprises. The management background of this mall system provides the editing function of the system template file. The file parameter of this function page is no...

6.8AI score
Exploits0
CNVD
CNVD
added 2015/05/29 12:0 a.m.3 views

SQL injection vulnerability in the id parameter of Ticketmaster ERP web-based ticketing system/Other/Edit.aspx?id=.

Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...

7.7AI score
Exploits0References1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.16 views

WordPress Amerisale Re Plugin -Reflected XSS

This plugin is prone to a cross site scripting vulnerability in netriesdetail/upload.php edit parameter. Solution Update the plugin...

1.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/01/31 12:0 a.m.32 views

WordPress Easing Slider Plugin <= 2.2.0.6 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "edit" parameter. Solution Upgrade the plugin...

4.3CVSS2.7AI score0.02599EPSS
Exploits3References1Affected Software1
NVD
NVD
added 2014/10/20 4:55 p.m.18 views

CVE-2014-5276

Multiple cross-site scripting XSS vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via 1 an uploaded profile picture or 2 the edit parameter to profiles/index.php...

3.5CVSS5.4AI score0.02636EPSS
Exploits1References5
Rows per page
Query Builder