2595 matches found
CVE-2022-45275
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-45009
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leavesystem/classes/SystemSettings.php?f=updatesettings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leavesystem/classes/SystemSettings.php?f=updatesettings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
YITH WooCommerce Gift Cards < 3.20.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, allowing unauthenticated attackers to upload arbitrary files, such as PHP...
CVE-2022-44354
SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted PHP file...
Limited LFI via Path Traversal
Description: A path traversal vulnerability in SuiteCRM 7.12.8 and earlier allows remote authenticated attackers to include a PHP file at an arbitrary path via unsanitized request parameters. Details: In SuiteCRM v7.12.8, SubpanelCreates.php and SubpanelEdit.php trust unsanitized user input to lo...
PT-2022-27190 · Unknown · Solarview Compact
Name of the Vulnerable Software and Affected Versions: SolarView Compact versions 4.0 through 5.0. Description: The issue allows for Unrestricted File Upload via a crafted php file. Recommendations: For SolarView Compact versions 4.0 through 5.0, consider restricting the upload of php files to...
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...
WBCE CMS code issue vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which originates from an arbitrary file upload vulnerability in the server settings module. An attacker can exploit this vulnerability to execute arbitrary code via...
Canteen Management System security vulnerability
Canteen Management System is a canteen management system by individual developer Mayuri K. A security vulnerability exists in the SourceCodester Canteen Management System, which stems from the handling of the parameter productname that can lead to cross-site scripting, affecting functional...
CVE-2022-39179
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file...
SQL injection
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file...
CVE-2022-39179 College Management System v1.0 - Authenticated remote code execution
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...