CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

RaspAP raspap-webgui 3.0.9 contains a code injection vulnerability in includes/provider.php via the HTTP POST parameter country, enabling remote code execution. Exploitation is possible over the network and public disclosures exist. A remediation is available: upgrade to billz/raspap-webgui 3.1.0...

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

CVE-2024-2482

CVE-2024-2482 affects Surya2Developer Hostel Management Service 1.0, via the HTTP POST Request Handler in the file /check_availability.php. The vulnerability arises from manipulation of the argument named oldpassword, causing an observable response discrepancy. Impact details in the provided sour...

CVE-2024-2272

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...

Sql injection

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

CVE-2024-2272

CVE-2024-2272 affects the keerti1924 Online-Book-Store-Website v1.0. The vulnerability resides in the HTTP POST handler for /home.php where manipulating the product_name parameter enables an SQL injection. The issue is remote and has publicly disclosed exploits. References consistently identify t...

CVE-2024-2271

The CVE-2024-2271 entry affects keerti1924 Online-Book-Store-Website 1.0. A vulnerability in the HTTP POST Request Handler affects the /shop.php file, where the product_name parameter is susceptible to SQL injection. The issue can be exploited remotely, and public disclosures of the exploit exist...

CVE-2024-2168

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

CVE-2024-2168 SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

CVE-2024-2168

CVE-2024-2168 pertains to SourceCodester Online Tours & Travels Management System 1.0. Affects an unknown function in the file /admin/operations/expense_category.php on the HTTP POST Request Handler, where manipulating the status argument triggers a SQL injection. The vulnerability allows remote ...

CVE-2024-1196

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site...

CVE-2024-1196 SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site...

CVE-2024-0769

CVE-2024-0769 corresponds to a path-traversal vulnerability in D-Link DIR-859 routers (affected file: /hedwig.cgi). Connected sources confirm the issue is triggered by manipulating the service argument with ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml, enabling remote access. The affected...

CVE-2024-0733

A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to sql injection. It is possible to launch the attack remotely. The...

Sql injection

A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument datasign leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2024-0718

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The...

CVE-2024-0718

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The...

CVE-2024-0530

A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reggo.php of the component HTTP POST Request Handler. The manipulation of the argument usernamereg leads to sql injection. The exploit has...