39 matches found
safe-eval Security Vulnerability
safe-eval is a safer version of the eval function by individual developer Hage Yaapa. safe-eval has a security vulnerability that stems from improper sanitization of input...
Online Computer and Laptop Store Path Traversal Vulnerability
Online Computer and Laptop Store is an online computer and laptop store by individual developer Carlo Montero. A path traversal vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the fact that the parameter path in the file /classes/Master.php?f=deleteim...
media-server Resource Management Error Vulnerability
media-server is a library by individual developer Chen. A security vulnerability exists in media-server, which stems from a use-after-free condition that can be exploited by an attacker to cause a denial of service...
phoenixcf SQL Injection Vulnerability
phoenixcf is an application by individual developer iamdroppy. phoenixcf suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause a SQL injection...
Super Xray Code Issue Vulnerability
Super Xray is an excellent vulnerability scanning tool by individual developer 4ra1n. A code issue exists in versions of Super Xray prior to 0.7, which stems from a program configuration that confirms that trusted inputs will be stored in a yaml file, which can be exploited by an attacker with...
Sanitization Management System Access Control Error Vulnerability
Sanitization Management System is a sanitization management system by individual developer Carlo Montero. An access control error vulnerability exists in Sanitization Management System version 1.0 that stems from insufficient authentication...
Food Ordering Management System SQL Injection Vulnerability
Food Ordering Management System is a food ordering management system by individual developer Carlo Montero. The Food Ordering Management System is vulnerable to SQL injection, which stems from a lack of validation of external input to SQL statements in username, and can be exploited by attackers...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)
Ingredients Stock Management System is an ingredient stock management system by individual developer Carlo Montero. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No vulnerability details are available at this time...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77045)
Product Show Room Site is a product showroom website by individual developer Carlo Montero. Product Show Room Site v1.0 has a SQL injection vulnerability, which originates from SQL injection via the id parameter in /psrs/?p=products/viewproduct&id, an...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77046)
Product Show Room Site is a product showroom website by individual developer Carlo Montero. Product Show Room Site v1.0 is vulnerable to SQL injection, which originates from a SQL injection in /psrs/classes/Master.php?f=deleteproduct. The vulnerability is caused by SQL injection of the id...
flask-file-server Path Traversal Vulnerability
flask-file-server is a file server with a front-end for browsing, uploading, and streaming files by individual developer Wildog. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly...
validate-data Denial-of-Service Vulnerability (CNVD-2022-66399)
validate-data is a Node.js backend library by individual developer Anoop P R. It is used to validate data according to the provided rules. A denial of service vulnerability exists in validate-data version v0.1.1, which stems from not properly handling incoming error messages and can be exploited b...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48945)
Fast Food Ordering System is a fast food ordering system by individual developer Carlo Montero. Version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/categories/managecategory .php?id=. The page lacks validation for external input SQL statement...
Online Fire Reporting System SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system by individual developer Carlo Montero. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from the fact that /ofrs/classes/Master.php?f= deleteteam lacks validation of external input SQL statements, whi...
Prison Management System Cross-Site Scripting Vulnerability
Prison Management System is a prison management system by individual developer Carlo Montero. Version 1.0 of Prison Management System contains a cross-site scripting vulnerability that could be exploited to inject arbitrary HTML and script code into a website...
Online Sports Complex Booking System SQL Injection Vulnerability (CNVD-2022-58665)
Online Sports Complex Booking System is an online stadium booking system by individual developer Carlo Montero. Online Sports Complex Booking System v1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Simple Client Management System SQL Injection Vulnerability (CNVD-2022-57777)
Simple Client Management System is a simple client management system by individual developer Carlo Montero. Version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Users.php ? f=delete in the POST request id parameter...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85115)
Insurance Management System is an insurance management system by individual developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...
Shopkit Cross-Site Scripting Vulnerability
Shopkit is an open source Kirby CMS version 2 integrated commerce solution by Canadian individual developer Sam Nabi. Shopkit version 2.7 contains a cross-site scripting vulnerability that could be exploited by attackers to hijack user credentials via a carefully crafted payload in an email te...