130 matches found
CVE-2025-8967 itsourcecode Online Tour and Travel Management System packages.php sql injection
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
Online Hotel Reservation System messageexec.php File SQL Injection Vulnerability
Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /messageexec.php. The...
Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer
The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...
Thinkgem JeeSite 代码问题漏洞
Thinkgem JeeSite is an open source Java EE enterprise-class rapid development platform of China Joyuan Thinkgem company . The platform includes system permissions components , data permissions components , data dictionary components , core tools components , view manipulation components , workflo...
CVE-2024-10809
A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2021-21635
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-18667
SQL Injection vulnerability in WebPort =1.19.1 via the new connection, parameter name in type-conn...
CampCodes Online Shopping Portal 注入漏洞
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...
Redmine 代码注入漏洞
Redmine is an open source set of open source Web-based project management and defect tracking tools from Redmine Open Source. The product provides features such as project management, issue tracking and role-based access control. A code injection vulnerability exists in Redmine versions 6.0.0,...
CVE-2025-28032
TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm paramet...
admintwo 安全漏洞
admintwo is an application by the individual developer xujiangfei. A security vulnerability exists in version 1.0 of admintwo, which stems from an incorrect manipulation of the parameter Name that can lead to cross-site scripting...
Cross-site Scripting (XSS)
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/login. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Details...
Cross-site Scripting (XSS)
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS through the modification of the parameter name in /account/register. An attacker can modify the HTML content of the victim's browser by sending a malicious URL. Detail...
CVE-2023-51308
PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey, title" parameters...
Codezips Gym Management System 注入漏洞
Codezips Gym Management System is an open source gym management system from Codezips. An injection vulnerability exists in Codezips Gym Management System version 1.0, which stems from the fact that incorrect manipulation of the parameter name can lead to SQL injection...
PT-2025-2195 · WordPress · Survey Maker
Name of the Vulnerable Software and Affected Versions: Survey Maker plugin for WordPress versions up to, and including, 5.1.3.3 Description: The issue is related to Stored Cross-Site Scripting via the ays sections5questions8title parameter due to insufficient input sanitization and output escapin...
reggie 路径遍历漏洞
reggie is a takeaway website by 1902756969 individual developers. A path traversal vulnerability exists in reggie version 1.0, which stems from a path traversal in the parameter name...
Codezips Project Management System 注入漏洞
Codezips Project Management System is an open source project management system from Codezips. An injection vulnerability exists in Codezips Project Management System version 1.0, which originates from a SQL injection in the parameter name...
SourceCodester Multi Role Login System 安全漏洞
SourceCodester Multi Role Login System is a SourceCodester open source multi-role login system. A security vulnerability exists in SourceCodester Multi Role Login System version 1.0, which originates from the parameter name in the file /endpoint/add-user.php that can lead to cross-site scripting...
PT-2024-17803 · Unknown · Simple Admin Panel
Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A vulnerability was found in the Simple Admin Panel, affecting some unknown functionality of the file updateItemController.php. The manipulation of the argument p name/p desc leads to...