30 matches found
CVE-2023-3560
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The...
CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action...
CVE-2023-3757
A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/showheader=T/local=3. The manipulation of the argument...
CVE-2023-3560
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The...
CVE-2023-3559
A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The...
CVE-2023-3560 GZ Scripts Ticket Booking Script load.php cross site scripting
A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The...
CVE-2023-3543
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/firstname/secondname/address1/country leads to...
Cross site scripting
A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The attack ca...
Cross site scripting
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/firstname/secondname/address1/country leads to...
CVE-2023-3544 GZ Scripts Time Slot Booking Calendar PHP load.php cross site scripting
A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. The attack ca...
CVE-2023-3543 GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/firstname/secondname/address1/country leads to...
PT-2023-25217 · Unknown · Gz Scripts Time Slot Booking Calendar Php
Name of the Vulnerable Software and Affected Versions: GZ Scripts Time Slot Booking Calendar PHP version 1.8 Description: A vulnerability was found in the software, affecting unknown code of the file /load.php. The manipulation of the arguments first name, second name, phone, address 1, country...
Time Slot Booking Calendar PHP Cross-Site Scripting Vulnerability
Time Slot Booking Calendar PHP is an open source time booking calendar system from GZ Scripts. GZ Scripts Time Slot Booking Calendar PHP version 1.8 has a cross-site scripting vulnerability. The vulnerability stems from the parameters firstname/secondname/phone/address1/country of the file /load.php, which will lead to...
WAP Music CMS 1.0.2 SQL Injection
========================================================== + Title :- WAP MUSIC CMS - SQL INJECTION + Date :- 24 - MAR - 2016 + Vendor Homepage :- www.wapforum.org + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google Dorks :-...
Gwolle Guestbook WordPress Plugin Remote File Inclusion Vulnerability
Gwolle Guestbook WordPress is a visiting message board plugin for WordPress sites. Gwolle Guestbook WordPress 1.5.3 and earlier versions do not effectively filter the value of the "abspath" HTTP GET parameter, used in the PHP require function, which allows remote attackers to include a file named...
Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion
No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
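Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability
CVE ID: CVE-2013-7138 Horizon QCMS is the open source Horizon quick content management system, which supports PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before being used in the "fopen" method; a remote attacker can read arbitrary file contents on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon ----- Horizon version 4.0 fixes this vulnerability; users are advised to download and use it:...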
CVE-2012-2109
The CVE-2012-2109 entry relates to a SQL injection in the BuddyPress WordPress plugin (1.5.x before 1.5.5) triggered via the page parameter in an activity_widget_filter action. Affected component is BuddyPress plugin for WordPress; root cause is unsafely constructed SQL from user-controllable inp...
CVE-2011-1128
The loadUserSettings function in Load.php in Simple Machines Forum SMF before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack...