71 matches found
CVE-2023-0707 SourceCodester Medical Certificate Generator App function.php delete_record sql injection
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to SQL injection. VDB-220346 is the identifier assigned to this...
PT-2023-16464 · Sourcecodester · Sourcecodester Medical Certificate Generator App
Name of the Vulnerable Software and Affected Versions: SourceCodester Medical Certificate Generator App version 1.0 Description: A critical issue has been found in the function delete_record of the file function.php. The manipulation of the argument id leads to SQL injection. Recommendations: For...
CVE-2022-32417
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php...
CVE-2022-32417
PbootCMS v3.1.2 contains a remote code execution (RCE) vulnerability in parserIfLabel() within function.php, as identified for CVE-2022-32417. The affected software is PbootCMS (core version 3.1.2). Reported impact includes remote code execution with potential full host compromise; CVSS v3.1 vect...
CVE-2022-24608
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php...
CVE-2022-24608
CVE-2022-24608 affects Luocms v2.0 with Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. The root cause is lack of input validation/filtering and unsafe output of user-supplied data, enabling an attacker to inject JavaScript code that could be executed in the client b...
Cross site scripting
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via getrequest in lib/function.php...
Cross site request forgery (CSRF)
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
CVE-2018-6357
The acxasmwsaveordercallback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant socialwidgeticonarrayorder XSS...
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
SQL injection
The EyesOfNetwork web interface aka eonweb 5.1-0 has SQL injection via the username parameter to module/adminuser/addmodifyuser.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php...
CVE-2017-14402
The EyesOfNetwork web interface aka eonweb 5.1-0 has SQL injection via the username parameter to module/adminuser/addmodifyuser.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php...
zzcms admin/logincheck.php SQL injection vulnerability
inc/function.php 72 line php function getip if getenv"HTTPCLIENTIP" && strcasecmpgetenv"HTTPCLIENTIP", "unknown" $ip = getenv"HTTPCLIENTIP"; else if getenv"HTTPXFORWARDEDFOR" && strcasecmpgetenv"HTTPXFORWARDEDFOR", "unknown" $ip = getenv"HTTPXFORWARDEDFOR"; else if getenv"REMOTEADDR" &&...
InfraPower PPS-02-S Q213V1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summar...
InfraPower PPS-02-S Q213V1 - Authentication Bypass
InfraPower PPS-02-S Q213V1 - Authentication Bypass InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...
InfraPower PPS-02-S Q213V1 - Authentication Bypass
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI ...
Rips Scanner v0.5 - function.php file - local file inclusion vulnerability
No description provided by source...