2595 matches found
CVE-2022-41538
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photosadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Human Resource Management System security vulnerability
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which stems from an unknown function in its city.php component that operates on the parameter searccity to cause SQL...
CVE-2022-41533
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-41534
Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /phpaction/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-41406
An arbitrary file upload vulnerability in the /admin/adminpic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the /admin/adminpic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-40777
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550...
CVE-2022-3452
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument categoryname leads to cross site scripting. The attack can be initiated remotely...
CVE-2022-41379
An arbitrary file upload vulnerability in the component /leavesystem/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-41512
An arbitrary file upload vulnerability in the component /phpaction/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
qdPM 9.1 Authenticated Shell Upload Exploit
A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, thus allowing bypass of .htaccess...
Remote code execution
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell PHP file in the profile page to achieve Remote Code Execution (RCE)...
CVE-2022-40878
CVE-2022-40878 affects the Exam Reviewer Management System 1.0. An authenticated attacker can upload a web-shell PHP file via the profile page, leading to Remote Code Execution (RCE). The vulnerability arises from an insecure file-upload path on the profile page, enabling arbitrary code executio...
CVE-2022-40089
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On...
Remote file inclusion
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On...