412 matches found
CVE-2021-26232
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php...
Sql injection
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php...
CVE-2021-26232
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php...
CVE-2021-26232
The CVE-2021-26232 entry concerns SourceCodester Simple College Website v1.0. The vulnerability is a SQL injection in News.php via the id parameter, enabling remote attackers to execute arbitrary SQL statements. Affected software: SourceCodester Simple College Website (CMS) v1.0; vulnerable compo...
Sourcecodester Simple College Website SQL注入漏洞
Sourcecodester Simple College Website is a Sourcecodester open source application. A content management system. SourceCodester Simple College Website v 1.0 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL statements against news.php via the id...
CVE-2020-10479
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...
CVE-2020-10407
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...
CVE-2020-10397
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-news.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-news.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-news.php by adding a question mark ? followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request...
CVE-2020-10494
CVE-2020-10494 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9 affecting the admin/edit-news.php endpoint. Affected component is the news-editing function; root cause is CSRF weakness allowing an attacker to edit a news article when a user with appropriate session interacts with...
CVE-2020-10488
CVE-2020-10488 describes a cross-site request forgery (CSRF) in Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in the admin/manage-news.php endpoint, where a crafted request can cause deletion of a news article. Root cause: CSRF due to insufficient request validation/CSRF protec...
CVE-2020-10479
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request...
CVE-2020-10479
CVE-2020-10479 affects Chadha PHPKB Standard Multi-Language 9, where a CSRF flaw in admin/add-news.php allows adding a news article via a crafted request. The vulnerability is tied to a CSRF weakness in the /admin/add-news.php endpoint, enabling unauthorized article creation. Affected product/ver...
CVE-2020-10477
CVE-2020-10477 is a reflected Cross-Site Scripting vulnerability affecting Chadha PHPKB Standard Multi-Language 9. The issue occurs in admin/manage-news.php through the GET parameter sort , allowing injection of arbitrary web script or HTML. Root cause: insufficient sanitization of the sort param...
CVE-2020-10468
CVE-2020-10468 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, exploitable via the GET parameter p in admin/edit-news.php. Reported across multiple sources (NVD, Red Hat, CNVD, CVE listings) with the same description: an attacker can inject arbitrary web script or HTML...
CVE-2020-10428
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-news.php by adding a question mark ? followed by the payload...
CVE-2020-10428
CVE-2020-10428 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URI handling via admin/header.php, enabling injection of arbitrary script/HTML on several admin pages when a payload is added after a question mark in the URI (e.g., admin/manage-news.php and related pa...
CVE-2020-10407
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...