PT-2024-34440 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /admin/calendar of events.php endpoint, allowing remote attackers to execute arbitrary scripts via the date start...

PT-2023-10817 · Bigtree · Events Extension

Name of the Vulnerable Software and Affected Versions: Events Extension on BigTree affected versions not specified Description: A critical issue was found in the Events Extension, affecting the getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and...

CVE-2021-41739

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp...

Command injection

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp...

Artica Proxy 操作系统命令注入漏洞

Artica Proxy is an open source Artica proxy solution from French company Artica. A security vulnerability exists in Artica Proxy version 4.30.000000, which stems from a lack of filtering and escaping in the application's cyrus.events.php GET parameter logs and POST parameter rp. An attacker can...