543 matches found
BlueCMS has an unspecified vulnerability (CNVD-2022-59211)
BlueCMS is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection in line 132 of admin/area.php. No details of the vulnerability are currently available...
SQL injection vulnerability exists in RPCMS (CNVD-2022-64953)
RPCMS is a lightweight content management/blogging system based on PHP and MySQL. RPCMS is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability exists in RPCMS (CNVD-2022-61944)
RPCMS is a lightweight content management/blogging system based on PHP and MySQL. RPCMS is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61442)
74cmsSE is a free open source professional recruitment system based on PHP and MySQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/map keyword parameter. An attacker could use this vulnerability to execute illega...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61440)
74cmsSE is a free open source professional recruitment system based on PHP and MySQL. 74cmsSE is vulnerable to SQL injection, which results from the lack of validation of external input SQL statements in the /freelance/resumelist keyword parameter. An attacker could use this vulnerability to execute...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61443)
74cmsSE is a free open source professional recruitment system based on PHP and MySQL. 74cmsSE suffers from a SQL injection vulnerability, which originates from a keyword parameter in /home/jobfairol/resumelist that lacks validation for external input SQL statements. An attacker could use this...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61441)
74cmsSE is a free, open source professional recruiting system based on PHP and MySQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/job/index keyword parameter. An attacker could use this vulnerability to execute...
74cmsSE SQL Injection Vulnerability
74cmsSE is a free open source professional recruitment system based on PHP and MySQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/resume/index keyword parameter. An attacker could use this vulnerability to execute...
SQL Injection Vulnerability in mymps Backend
mymps is a PHP and MySQL based website builder. An SQL injection vulnerability exists in the mymps backend, which can be exploited by attackers to obtain sensitive database information...
GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2022-70083)
GNUBOARD5 is a PHP and MySQL-based Web forum system. GNUBOARD5 versions 5.55 and 5.56 are vulnerable to a cross-site scripting vulnerability, which originates in bbs/memberconfirm.php and lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerabilit...
CVE-2022-28102
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php...
PT-2022-18810 · Unknown · Php Mysql Admin Panel Generator
Name of the Vulnerable Software and Affected Versions: PHP MySQL Admin Panel Generator version 1. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at the "/edit-db.php" API endpoint. This enables attackers to...
Online Sports Complex Booking System 1.0 SQL Injection
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html...
Online Sports Complex Booking System 1.0 Account Takeover
Exploit Title: Online Sports Complex Booking System - Account Takeover Unauthenticated Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Subrion CMS 4.2.1 Cross Site Request Forgery
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...
Sourcecodester Mobile Shop System in PHP MySQL Information Disclosure Vulnerability
Sourcecodester Mobile Shop System in PHP MySQL is an online ordering system for Gadget Works developed using PHP/MySQLi. The main goal of this online ordering system is to improve customer convenience. Sourcecodester Mobile Shop System in PHP MySQL 1.0 is vulnerable due to a security flaw in the...
CVE-2020-25905
An SQL injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php...
Changsha Mito Information Technology Company Limited MetInfo suffers from file upload vulnerability (CNVD-2022-08512)
MetInfo is an enterprise building system developed with PHP and MySQL. A file upload vulnerability exists in MetInfo of Changsha Mito Information Technology Company Limited, which can be exploited by attackers to gain control of the server...
74 CMS Cross-Site Scripting Vulnerability (CNVD-2021-99667)
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Co. 74CMS has a cross-site scripting vulnerability in version v6.0.4, which originates from /index.php?m=&c=help&a=helplist&key missing a data validation filter for user-supplied data and output. An attacker coul...
Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, JavaScript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...