2595 matches found

OSV
added 2023/04/15 12:15 p.m. · 7 views

CVE-2023-2099

A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 6.1 · AI score 3.9 · EPSS 0.00652
Exploits 1 · References 3
Prion
added 2023/04/12 5:15 p.m. · 20 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

CVSS 5.8 · AI score 7.3 · EPSS 0.01994
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/04/12 12:0 a.m. · 26 views

CVE-2023-26852

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

AI score 7.7 · EPSS 0.01994
Exploits 1 · References 3
OSV
added 2023/04/11 6:15 p.m. · 3 views

CVE-2023-1985

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function savebrand of the file /classes/Master.php?f=savebrand. The manipulation of the argument name leads to sql injection. The attack may be initiate...

CVSS 7.2 · AI score 5.7 · EPSS 0.00767
Exploits 1 · References 3
Positive Technologies
added 2023/04/10 12:0 a.m. · 4 views

PT-2023-20788 · Unknown · Sales Tracker Management System

Name of the Vulnerable Software and Affected Versions: Sales Tracker Management System version 1.0 Description: A Cross Site Scripting issue allows a remote attacker to gain privileges via the product list function in the Master.php file. This can be exploited to potentially gain unauthorized...

CVSS 6.1 · AI score 6.3 · EPSS 0.00878
Exploits 2 · References 7
Positive Technologies
added 2023/04/08 12:0 a.m. · 5 views

PT-2023-17370 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue has been found in the Subcategory Handler component, specifically in the file /classes/Master.php?f=save sub category. The manipulation of the sub...

CVSS 8.8 · AI score 7 · EPSS 0.00717
Exploits 1 · References 6
NVD
added 2023/04/05 2:15 p.m. · 11 views

CVE-2023-26857

An arbitrary file upload vulnerability in /admin/ajax.php?action=saveuploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 · AI score 7.3 · EPSS 0.0095
Exploits 1 · References 1
0day.today
added 2023/04/03 12:0 a.m. · 294 views

GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution Vulnerability

Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Application: GLPI Cartography...

CVSS 9.8 · AI score 9.2 · EPSS 0.07746
Exploits 3
0day.today
added 2023/03/29 12:0 a.m. · 235 views

Revenue Collection System v1.0 - Remote Code Execution Exploit

Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Kali Linux,...

AI score 6.8
Exploits 0
Exploit DB
added 2023/03/29 12:0 a.m. · 158 views

Revenue Collection System v1.0 - Remote Code Execution (RCE)

Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip...

AI score 7.4
Exploits 0
The Hacker News
added 2023/03/24 7:51 a.m. · 70 views

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisor...

AI score 6.9
Exploits 0
NVD
added 2023/03/23 8:15 p.m. · 20 views

CVE-2020-19786

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file...

CVSS 8.8 · AI score 8.9 · EPSS 0.00803
Exploits 1 · References 1
OSV
added 2023/03/23 8:15 p.m. · 14 views

CVE-2020-19786

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file...

CVSS 8.8 · AI score 9.1
Exploits 0 · References 1
Prion
added 2023/03/23 8:15 p.m. · 15 views

Unrestricted file upload

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file...

CVSS 6.5 · AI score 8.8 · EPSS 0.00803
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/03/23 8:15 a.m. · 4 views

CVE-2023-1590

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. Th...

CVSS 9.8 · AI score 5.8 · EPSS 0.00822
Exploits 1 · References 3
NVD
added 2023/03/23 2:15 a.m. · 13 views

CVE-2022-30037

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...

CVSS 7.2 · AI score 7.3 · EPSS 0.00924
Exploits 1 · References 1
Vulnrichment
added 2023/03/23 12:0 a.m. · 6 views

CVE-2020-19786

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file...

AI score 9 · EPSS 0.00803
Exploits 1 · References 1
Cvelist
added 2023/03/23 12:0 a.m. · 23 views

CVE-2020-19786

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file...

AI score 9 · EPSS 0.00803
Exploits 1 · References 1
CNNVD
added 2023/03/23 12:0 a.m. · 3 views

XunRuiCMS Security Vulnerability

XunRuiCloud Software Development XunRuiCMS XunRui CMS is an open source content management system CMS from China XunRuiCloud Software Development Company. XunRuiCMS v4.3.3 to v4.5.1 version of a security vulnerability, the vulnerability stems from the existence of PHP file write and file...

CVSS 7.2 · AI score 7.4 · EPSS 0.00924
Exploits 1 · References 2
Cvelist
added 2023/03/23 12:0 a.m. · 28 views

CVE-2022-30037

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...

AI score 7.5 · EPSS 0.00924
Exploits 1 · References 1