CVE-2024-0946

60IndexPage up to version 1.8.5 is affected by a server-side request forgery in the Parameter Handler’s /apply/index.php, caused by manipulation of the url argument. This vulnerability can be exploited remotely and impacts confidentiality, integrity, and availability. Public exploit discussion is...

CVE-2024-0946 60IndexPage Parameter index.php server-side request forgery

A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Th...

CVE-2024-0946 60IndexPage Parameter index.php server-side request forgery

A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. Th...

CVE-2024-0945 60IndexPage Parameter file.php server-side request forgery

A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...

PT-2024-15926 · Unknown · 60Indexpage

Name of the Vulnerable Software and Affected Versions: 60IndexPage versions up to 1.8.5 Description: A critical issue has been found in the Parameter Handler component of the affected software, specifically in the file /include/file.php. The manipulation of the url argument leads to server-side...

CVE-2024-0303

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch t...

CVE-2024-0303 Youke365 Parameter caiji.php server-side request forgery

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch t...

PT-2024-15454 · Youke365 · Youke365

Name of the Vulnerable Software and Affected Versions: Youke365 versions up to 1.5.3 Description: A critical issue was found in the Parameter Handler component, specifically in the file /app/api/controller/caiji.php. The manipulation of the url argument leads to server-side request forgery,...

CVE-2024-0267

A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The atta...

Sql injection

A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The atta...

CVE-2024-0265 SourceCodester Clinic Queuing System GET Parameter index.php file inclusion

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiate...

PT-2024-15427 · Unknown · Kashipara Hotel Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Hospital Management System versions up to 1.0 Description: A critical vulnerability was found in the Parameter Handler component of the file login.php. The manipulation of the email and password arguments leads to SQL injection. The...

Sql injection

A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimatecountryid leads to sql injection. Th...

CVE-2023-6579 osCommerce POST Parameter shopping-cart sql injection

A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimatecountryid leads to sql injection. Th...

PT-2023-32706 · Unknown · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce 4 affected versions not specified Description: A critical issue has been found in osCommerce 4, affecting some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulati...

CVE-2023-6301 SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting

A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcellist.php of the component GET Parameter Handler. The manipulation of the argument id with the input alert...

Best Courier Management System Cross-Site Scripting Vulnerability

Best Courier Management System is a courier management system by Mayuri K. Individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from the presence of an unknown function in the parcellist.php file in the compone...

CVE-2023-5587

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads ...

CVE-2023-5272

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file editparcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to...

Sql injection

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file editparcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to...