Sourcecodester Vehicle Service Management System SQL injection vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project, a simple web application for automotive repair/service stores or businesses. SourceCodester Vehicle Service Management System version 1.0 has a SQL injection vulnerability; the vulnerability stems from the...
CVE-2022-40348
Cross-site scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in the 'name' and 'email' parameters allows attackers to execute arbitrary code...
CVE-2022-45214
A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php...
Online Pet Shop We App SQL injection vulnerability
Online Pet Shop We App is an online pet store web application by the individual developer Carlo Montero. A SQL injection vulnerability exists in Online Pet Shop We App v1.0: the id parameter of the /petshop/classes/Master.php?f=deletecategory page is susceptible to SQL injection...
CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brandname parameter at /brand.php...
CVE-2022-36732
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php...
CVE-2022-32416
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=deleteproduct...
Toll-tax-management-system cross-site scripting vulnerability
Toll-tax-management-system is a toll tax management system by the individual developer Carlo Montero. A security vulnerability exists in Toll-tax-management-system version 1.0, which stems from a cross-site scripting (XSS) attack in /ttms/classes/Master.php?f=saverecipient, vehiclename...
CVE-2022-26633
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php...
CVE-2022-30408
Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=deleteimg...
CVE-2022-28028
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=deleteamenity...
CVE-2022-27423
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blogid parameter at /blog/blog.php...
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
GlFusion Cms cross-site request forgery vulnerability
GlFusion Cms is a content management and publishing system. A security vulnerability exists in glFusion CMS v1.7.9 that allows attackers to conduct CSRF attacks via /publichtml/admin/plugins/badbehavior2/blacklist.php...
CVE-2021-38337
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...
CVE-2021-26472
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the HTTP API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges...
zzcms zzcms cross-site scripting vulnerability
ZZCMS is the content management system of Webmaster Merchants. A cross-site scripting vulnerability exists in /user/manage.php in ZZCMS version 2020. An attacker can exploit this vulnerability to insert and execute arbitrary JS code...
CVE-2021-27530
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows a remote attacker to inject JavaScript via the URI in /index.php...
CVE-2020-12281
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php...