44 matches found

CVE
added 2026/01/30 10:07 p.m. · 6 views

CVE-2020-37051

CVE-2020-37051 affects the Online-Exam-System 2015. A time-based blind SQL injection in the feedback form enables attackers to extract database password hashes via the feed.php endpoint, using crafted time-delayed payloads to enumerate password characters. Reported CVSS metrics (v3.1, base score ...

CVSS 8.8 · AI score 5.9 · EPSS 0.00018
Exploits: 1 · References: 3 · Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-49432

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.4 · EPSS 0.00097
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 9:56 a.m. · 4 views

CVE-2024-42843

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php...

CVSS 9.8 · AI score 8.1 · EPSS 0.00067
Exploits: 1 · References: 1
Positive Technologies
added 2024/08/15 12:00 a.m. · 4 views

PT-2024-30181 · Unknown · Projectworlds Online Examination System

Name of the Vulnerable Software and Affected Versions: Projectworlds Online Examination System version 1.0 Description: The issue is related to SQL Injection via the subject parameter in feed.php. This allows for potential exploitation. Recommendations: For Projectworlds Online Examination System...

CVSS 9.8 · AI score 8.1 · EPSS 0.00067
Exploits: 1 · References: 6
Vulnrichment
added 2024/08/15 12:00 a.m. · 15 views

CVE-2024-42843

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php...

AI score 8 · EPSS 0.00067
Exploits: 1 · References: 1
CVE
added 2024/08/15 12:00 a.m. · 38 views

CVE-2024-42843

CVE-2024-42843 affects Projectworlds Online Examination System v1.0, with a SQL Injection vulnerability in the subject parameter of feed.php. Multiple connected sources corroborate the issue; no authoritative patch/version is specified in the provided documents. The CVSS metrics indicate a critic...

CVSS 9.8 · AI score 8 · EPSS 0.00067
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2024/01/13 1:15 p.m. · 16 views

SQL injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument typefeed leads to sql injection. It is possible to initiate the attack remotel...

CVSS 6.5 · AI score 7.6 · EPSS 0.00052
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2024/01/13 1:00 p.m. · 12 views

CVE-2024-0488 code-projects Fighting Cock Information System new-feed.php sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument typefeed leads to sql injection. It is possible to initiate the attack remotel...

CVSS 6.5 · AI score 9.9 · EPSS 0.00052
Exploits: 0 · References: 3
CNVD
added 2023/11/06 12:00 a.m. · 6 views

Online Examination System feed.php Page SQL Injection Vulnerability

Online Examination System is an online examination system. Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the email parameter of the feed.php page, which can be exploited by an...

CVSS 9.8 · AI score 7.7 · EPSS 0.00097
Exploits: 1 · References: 1
CNNVD
added 2023/11/02 12:00 a.m. · 2 views

Online Examination System SQL Injection Vulnerability

Online Examination System is an online examination system. Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the email parameter of the feed.php page, which can be exploited by an...

CVSS 9.8 · AI score 7.9 · EPSS 0.00097
Exploits: 1 · References: 3
Positive Technologies
added 2023/11/02 12:00 a.m. · 2 views

PT-2023-29413 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the subject parameter of the "feed.php" resource does not validate the characters received, sending th...

AI score 7.7
Exploits: 0 · References: 5
NVD
added 2023/11/01 11:15 p.m. · 10 views

CVE-2023-45202

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

CVSS 6.1 · AI score 6.3 · EPSS 0.00155
Exploits: 1 · References: 2
CVE
added 2023/11/01 10:02 p.m. · 46 views

CVE-2023-45202

CVE-2023-45202 affects Online Examination System v1.0. The issue is multiple Open Redirects in the feed.php resource’s q parameter, enabling an attacker to redirect a victim to an arbitrary website via a crafted URL. Exploitation details are not provided in the sources. The Red Hat and PRION entr...

CVSS 6.1 · AI score 6.3 · EPSS 0.00155
Exploits: 1 · References: 2 · Affected Software: 1
Github Security Blog
added 2022/05/17 5:51 a.m. · 13 views

phpBB 3.0.7 allows remote attackers to bypass intended access restrictions

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum...

CVSS 4.3 · AI score 6.8 · EPSS 0.00135
Exploits: 1 · References: 7 · Affected Software: 1
Tenable Nessus
added 2018/11/05 12:00 a.m. · 12 views

WordPress 3.7.x < 3.7.24 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...

CVSS 8.8 · AI score 6.7 · EPSS 0.07945
Exploits: 0 · References: 6
Tenable Nessus
added 2018/11/05 12:00 a.m. · 27 views

WordPress 4.7.x < 4.7.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...

CVSS 8.8 · AI score 6.7 · EPSS 0.07945
Exploits: 0 · References: 6
Tenable Nessus
added 2018/11/05 12:00 a.m. · 10 views

WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...

CVSS 8.8 · AI score 6.7 · EPSS 0.07945
Exploits: 0 · References: 6
CNVD
added 2017/12/04 12:00 a.m. · 2 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38250)

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...

CVSS 5.4 · AI score 6.1 · EPSS 0.07945
Exploits: 0 · References: 1
NVD
added 2017/12/02 6:29 a.m. · 12 views

CVE-2017-17094

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL...

CVSS 5.4 · AI score 5.8 · EPSS 0.07945
Exploits: 0 · References: 7
Debian CVE
added 2017/12/02 6:00 a.m. · 29 views

CVE-2017-17094

wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL...

CVSS 5.4 · AI score 6.3 · EPSS 0.07945
Exploits: 0