Lucene search
+L

115 matches found

CNNVD
CNNVD
added 2022/08/29 12:0 a.m.5 views

Ingredients Stock Management System SQL注入漏洞

Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the month parameter of...

8.8CVSS7.7AI score0.00866EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.8 views

PT-2022-23555 · Unknown · Ingredients Stock Management System

Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the month parameter at the "/admin/?page=reports/stockout&month=" endpoint...

8.8CVSS8.7AI score0.00866EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.8 views

Ingredients Stock Management System SQL注入漏洞

Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /admin/?page= reports/stockout&month= is missing validation of external...

8.8CVSS7.7AI score0.00866EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2022/05/25 4:32 p.m.4 views

Exploit for SQL Injection in School_Dormitory_Management_System_Project School_Dormitory_Management_System

CVE-2022-30510 School Dormitory Management System 1.0 - Unauth...

9.8CVSS9.8AI score0.03697EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/05/20 1:15 p.m.4 views

CVE-2022-30886

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/dailycollectionreport.php...

9.8CVSS7.4AI score0.02019EPSS
Exploits1References2
OSV
OSV
added 2022/04/18 6:15 p.m.4 views

CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the getmonthlytimetable AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.8AI score0.09103EPSS
Exploits2References1
CNVD
CNVD
added 2018/10/18 12:0 a.m.3 views

WordPress the-holiday-calendar plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. the-holiday-calendar plugin is used in one of the calendar plugin . A cross-site scripting vulnerability exists i...

6.1CVSS5.8AI score0.00986EPSS
Exploits0References1
Prion
Prion
added 2018/10/01 11:29 p.m.8 views

Cross site scripting

XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...

4.3CVSS6.3AI score0.00986EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/10/23 6:0 p.m.39 views

CVE-2015-5533

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...

7.3AI score0.07166EPSS
Exploits4References6
NVD
NVD
added 2017/04/28 4:59 p.m.13 views

CVE-2016-7840

Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References2
Prion
Prion
added 2017/04/28 4:59 p.m.8 views

Cross site scripting

Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...

4.3CVSS6.6AI score0.0085EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/04/28 4:0 p.m.18 views

CVE-2016-7840

Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...

6.1AI score0.0085EPSS
Exploits0References2
CVE
CVE
added 2017/04/28 4:0 p.m.44 views

CVE-2016-7840

CVE-2016-7840 is a Cross-site Scripting (XSS) vulnerability in WEB SCHEDULE (Olive Design). The issue arises from a flaw in processing the month parameter, allowing remote actors to inject arbitrary web script or HTML. Documented references (JVN entries) describe CWE-79 and indicate impact on the...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/01/06 5:1 a.m.3 views

WEB SCHEDULE vulnerable to cross-site scripting

Overview WEB SCHEDULE provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the month parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use WEB SCHEDULE WEB SCHEDULE is no longer being developed or...

6.1CVSS6.1AI score0.0085EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

BirdBlog 1.4 /admin/entries.php month Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/12/01 12:0 a.m.37 views

Hero Framework 3.69 Cross Site Scripting

Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability Vendor: Electric Function, Inc. Product web page: http://www.heroframework.com Affected version: 3.69 Summary: Hero formerly Caribou CMS is a white label, open source PHP website content management system CMS and development...

0.2AI score
Exploits0
NVD
NVD
added 2009/01/29 6:30 p.m.17 views

CVE-2009-0337

SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.1AI score0.0097EPSS
Exploits0References2
Prion
Prion
added 2009/01/29 6:30 p.m.17 views

Sql injection

SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.8AI score0.0097EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2008/10/21 1:18 a.m.3 views

CVE-2008-4620

SQL injection vulnerability in Meeting Room Booking System MRBS before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to 1 month.php, and possibly 2 day.php and 3 week.php...

7.5CVSS6.4AI score0.01042EPSS
Exploits0References6
Cvelist
Cvelist
added 2008/09/04 6:0 p.m.16 views

CVE-2008-3921

Multiple cross-site scripting XSS vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the 1 month and 2 year parameter...

5.8AI score0.01263EPSS
Exploits0References7
Rows per page
Query Builder