17 matches found
EUVD-2026-40371
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
EUVD-2021-27753
Malicious code in bioql PyPI...
EUVD-2021-27754
Malicious code in bioql PyPI...
EUVD-2021-27752
Malicious code in bioql PyPI...
EUVD-2021-31421
Malicious code in bioql PyPI...
CVE-2021-40579
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges remote...
CVE-2021-40579
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges remote...
CVE-2021-40579
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges remote...
Online Enrollment Management System SQL Injection Vulnerability
Online Enrollment Management System is an open source online enrollment management system. Online Enrollment Management System version 1.0 contains a SQL injection vulnerability that stems from the lack of effective filtering and escaping of the id parameter, which could be exploited to retrieve...
CVE-2021-44599
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with...
SQL injection
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with...
CVE-2021-44599
CVE-2021-44599 affects Online Enrollment Management System 1.0. The issue is a SQL injection in the id parameter, where a crafted payload can invoke MySQL load_file via a UNC path referencing an external URL, with the app interacting with that domain, indicating query execution. Root cause: lack ...
CVE-2021-44599
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's loadfile function with a UNC file path that references a URL on an external domain. The application interacted with...
CVE-2021-40577
A Stored Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter...
CVE-2021-40577
CVE-2021-40577 is a stored XSS vulnerability in the Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, affecting the Add-Users page via the Name parameter. The issue arises from storing unsanitized input that is later reflected, enabling a persistent script...
Online Enrollment Management System 1.0 - Authentication Bypass Vulnerability
Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass; Exploit Author: Amine ismail @aminei; Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html; Software Link:...