115 matches found
Ingredients Stock Management System SQL注入漏洞
Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the month parameter of...
PT-2022-23555 · Unknown · Ingredients Stock Management System
Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the month parameter at the "/admin/?page=reports/stockout&month=" endpoint...
Ingredients Stock Management System SQL注入漏洞
Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /admin/?page= reports/stockout&month= is missing validation of external...
Exploit for SQL Injection in School_Dormitory_Management_System_Project School_Dormitory_Management_System
CVE-2022-30510 School Dormitory Management System 1.0 - Unauth...
CVE-2022-30886
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/dailycollectionreport.php...
CVE-2022-0785
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
WordPress the-holiday-calendar plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. the-holiday-calendar plugin is used in one of the calendar plugin . A cross-site scripting vulnerability exists i...
Cross site scripting
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
CVE-2016-7840
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...
Cross site scripting
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...
CVE-2016-7840
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...
CVE-2016-7840
CVE-2016-7840 is a Cross-site Scripting (XSS) vulnerability in WEB SCHEDULE (Olive Design). The issue arises from a flaw in processing the month parameter, allowing remote actors to inject arbitrary web script or HTML. Documented references (JVN entries) describe CWE-79 and indicate impact on the...
WEB SCHEDULE vulnerable to cross-site scripting
Overview WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...
BirdBlog 1.4 /admin/entries.php month Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Hero Framework 3.69 Cross Site Scripting
Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability Vendor: Electric Function, Inc. Product web page: http://www.heroframework.com Affected version: 3.69 Summary: Hero formerly Caribou CMS is a white label, open source PHP website content management system CMS and development...
CVE-2009-0337
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-4620
SQL injection vulnerability in Meeting Room Booking System MRBS before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to 1 month.php, and possibly 2 day.php and 3 week.php...
CVE-2008-3921
Multiple cross-site scripting XSS vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the 1 month and 2 year parameter...