10 matches found
CVE-2024-27685
SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables...
CVE-2024-30986
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter...
BloofoxCMS Cross-Site Request Forgery Vulnerability
BloofoxCMS is a free open source PHP + MySQL based Web content management system . A cross-site request forgery vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using mode=settings&page=editor to change the content of arbitrary files...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
XSS vulnerability in the open-source version of UX365 website navigation
Youkai 365 Web site navigation open source version is an open source web site based on PHP + MYSQL development and construction of category management system . Uke 365 URL navigation open source version of the existence of XSS vulnerabilities , attackers can exploit the vulnerability to obtain us...
UX365 website category navigation system v1.3.4ar***.php file has xss vulnerability
Uc365 website classification navigation system is a navigation management system based on PHP + MYSQL development and construction. An xss vulnerability exists in the file ar.php in the Uke365 website category navigation system v1.3.4, which can be exploited by an attacker to obtain administrator...
Arbitrary File Download Vulnerability in Ctcms
Ctcms is a fast website building system that runs on PHP+MYSQL environment. Ctcms has an arbitrary file download vulnerability. An attacker can exploit this vulnerability to download arbitrary files...
Amazon Linux AMI : mysql51 (ALAS-2017-800)
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
Updated mariadb packages fix security vulnerabilities
A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user CVE-2016-6663. This update fixes several vulnerabilitie...
[EXPL] ITA Forum SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...