CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-6957 itsourcecode University Management System Login functions.php sql injection
A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely...
CVE-2024-32392
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component...
CVE-2024-32392
CVE-2024-32392 affects CmSimple v5.15 with a Cross-Site Scripting flaw in the functions.php component. The Red Hat, CNVD, CNNVD, CVE listings and PT-Security notes confirm a remote attacker could trigger arbitrary code execution via crafted input. Root cause cited as insufficient input filtering/...
CVE-2024-28662
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...
PT-2023-30218 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the filename attribute of the pic3 multipart parameter in the functions.php resource does not validate the...
CVE-2023-46793
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
SQL injection
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46797
CVE-2023-46797 is rejected/not used; this CVE entry does not represent an active vulnerability.
CVE-2023-46788
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46789
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
SQL injection
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
SQL injection
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46795
CVE-2023-46795 is rejected and does not represent an active vulnerability entry.
CVE-2023-46789 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-46788 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-30217 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns unauthenticated SQL injection vulnerabilities. Specifically, the filename attribute of the pic1 multipart parameter in the functions.php resource does not validate the...