283 matches found
CVE-2022-4228
A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsmsci/index.php/user/edituser/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack...
CVE-2022-41439
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php...
CVE-2022-41439
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php...
Billing System Project SQL注入漏洞
Billing System Project is a billing system project by Mayuri K. Individual Developer. Billing System Project v1.0 has a SQL injection vulnerability that stems from the id parameter in /phpinventory/edituser.php found to contain a SQL injection vulnerability...
CVE-2022-38595
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...
CVE-2022-38595
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...
Church Management System SQL注入漏洞
Church Management System is a church management system. A security vulnerability exists in Church Management System v1.0, which was discovered to contain a SQL injection vulnerability via the id parameter in /admin/edituser.php...
PT-2022-24473 · Unknown · Church Management System
Name of the Vulnerable Software and Affected Versions: Church Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/edit user.php" API endpoint. Recommendations: For Church Manageme...
CVE-2022-36505
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup...
CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via cid parameter of admineditcomment.php, pid parameter of admineditpost.php, uid parameter of adminedituser.php, and edit parameter of adminupdatecategories.php...
CVE-2022-1089 Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-27162
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminMemberseditUser...
CSZ CMS SQL注入漏洞
CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in cszcmsadminMemberseditUser and can be exploited by attackers to execute illegal SQL...
CSZ CMS SQL注入漏洞
CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS version 1.2.2 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in cszcmsadminUserseditUser, and can be used by attackers to execute illegal SQL commands to obtain...
CVE-2022-24222
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edituser.php...
CVE-2022-24222
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edituser.php...
Elite Graphix Elite Cms SQL注入漏洞
eliteCMS is a popular content management system. A SQL injection vulnerability exists in eliteCMS /admin/edituser.php, which can be exploited by remote attackers to submit a special SQL request to manipulate the database, obtain sensitive information or execute arbitrary code...
Laundry Booking Management System 1.0 - Multiple SQL Injection Vulnerability
Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
CASAP Automated Enrollment SQL Injection Vulnerability (CNVD-2021-57782)
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...
CVE-2021-26226
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edituser.php...