41 matches found
CVE-2025-8784 Portabilis i-Educar Cadastrar Vínculo funcionario_vinculo_cad.php cross site scripting
A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack ca...
CVE-2024-24026
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...
CVE-2024-12890
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The...
cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when the Aegis databinding is used. Users of other data bindings, including the default databinding, are not impacted...
PT-2024-39974 · Code Projects · Code-Projects Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue has been discovered, affecting the file /php/manage customer.php. The manipulation of the text argument leads to SQL injection. This issue can be exploited...
CVE-2023-41448
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component...
Faculty Evaluation System SQL Injection Vulnerability
Faculty Evaluation System is a faculty evaluation system. Faculty Evaluation System v1.0 suffers from a SQL injection vulnerability, which originates from a SQL injection in /eval/admin/viewfaculty.php?id. An attacker can exploit this vulnerability by inserting SQL commands into the query string ...
Online Thesis Archiving System SQL Injection Vulnerability
Online Thesis Archiving System by Carlo Montero Individual Developer provides an online platform to store student theses or capstone projects. A SQL injection vulnerability exists in Campcodes Online Thesis Archiving System version 1.0, which stems from an issue in the file...
CVE-2022-36318
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...
Sanitization Management System SQL Injection Vulnerability
Sanitization Management System is a sanitization management system by Carlo Montero Personal Developer. A security vulnerability exists in Sanitization Management System v1.0, which can be exploited by an attacker to perform SQL injection via /php-sms/admin/quotes/manageremark.php?id=...
CVE-2022-29666
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...
Stack overflow
D-Link DIR-816 A2v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter...
CVE-2021-44127
In DLink DAP-1360 F1 firmware version =v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized...
CVE-2022-25221
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visiting the link in order to execute JavaScript code...
ShinHer StudyOnline System Security Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, China. " feature is not controlled by permissions. An attacker could use this vulnerability to access other users' message board content by setting URL parameters after logging in with user privileges...
SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability
ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...
CVE-2017-6561
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=XSS attack...
SQL Injection Vulnerability in DBSHOP_0.9.3_Beta goodsSearchAction Function
DBShop is an open source e-commerce online store system developed using endFramework. The DBSHOP_0.9.3_Beta goodsSearchAction function has a SQL injection vulnerability. After obtaining the parameters timesort, clicksort, pricesort, the key name and key value will be spliced into the sql statement to bring ...
Vivid Ads Shopping Cart (prodid) Remote SQL Injection
Exploit for unknown platform in category web applications. /', $contents, $matches echo'User: ' .$matches1. ';'."\n".'Pass: ' .$matches2...