6 matches found
CVE-2024-27685
SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables...
CVE-2024-30986
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "price" and "sname" parameters...
BloofoxCMS Cross-Site Request Forgery Vulnerability
BloofoxCMS is a free, open-source web content management system based on PHP + MySQL. A cross-site request forgery vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using mode=settings&page=editor to change the content of arbitrary files...
UX365 website category navigation system v1.3.4 ar***.php file has XSS vulnerability
Uc365 website classification navigation system is a navigation management system developed and built on PHP + MYSQL. An XSS vulnerability exists in the file ar.php in the Uke365 website category navigation system v1.3.4, which can be exploited by an attacker to obtain administrator...
Arbitrary File Download Vulnerability in Ctcms
Ctcms is a fast website building system that runs in a PHP+MYSQL environment. Ctcms has an arbitrary file download vulnerability. An attacker can exploit this vulnerability to download arbitrary files...
[EXPL] ITA Forum SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com