
2593 matches found

CNNVD
added 2025/05/28 12:0 a.m., 3 views

SourceCodester Web-based Pharmacy Product Management System Code Issue Vulnerability

SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source web-based pharmacy product management system. A security vulnerability exists in SourceCodester Web-based Pharmacy Product Management System v.1.0, which originates in the file upload functionality and cou...

CVSS 8.6 | AI score 6.8 | EPSS 0.00427
Exploits: 1 | References: 4

Vulnrichment
added 2025/05/28 12:0 a.m., 7 views

CVE-2025-45997

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...

AI score 7 | EPSS 0.00427
Exploits: 1 | References: 2

CVE
added 2025/05/28 12:0 a.m., 62 views

CVE-2025-45997

CVE-2025-45997 affects Sourcecodester Web-based Pharmacy Product Management System v1.0. The issue is in the file upload feature: an attacker can upload a PHP file disguised as an image by tampering with the Content-Type header to set it to image/jpg, potentially enabling remote code execution on the server. Th...

CVSS 8.6 | AI score 7 | EPSS 0.00427
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/05/28 12:0 a.m., 12 views

CVE-2025-45997

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...

EPSS 0.00427
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 10:21 a.m., 4 views

CVE-2024-7460

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /changepassword.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...

CVSS 8.8 | AI score 6.5 | EPSS 0.00351
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:6 a.m., 6 views

CVE-2024-29514

File upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8 | AI score 7.7 | EPSS 0.01281
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:23 a.m., 4 views

CVE-2024-3365

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...

CVSS 5.4 | AI score 5.9 | EPSS 0.0055
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:1 a.m., 3 views

CVE-2024-8867

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be...

CVSS 5.4 | AI score 5.4 | EPSS 0.00452
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:57 a.m., 17 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

CVSS 9.8 | AI score 6.7 | EPSS 0.00823
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:42 a.m., 5 views

CVE-2024-5450

The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...

CVSS 9.1 | AI score 7.1 | EPSS 0.00754
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:22 a.m., 6 views

CVE-2024-1701

A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been...

CVSS 9.8 | AI score 5.8 | EPSS 0.00808
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:59 a.m., 7 views

CVE-2024-33111

D-Link DIR-845L router =v1.01KRb03 is vulnerable to Cross Site Scripting XSS via /htdocs/webinc/js/bscsmsinbox.php...

CVSS 5.4 | AI score 5.3 | EPSS 0.00802
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:55 a.m., 7 views

CVE-2024-42779

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8 | AI score 8.9 | EPSS 0.00788
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:46 a.m., 4 views

CVE-2024-52779

DCME-320 =7.4.12.90, DCME-520 =9.25.5.11, DCME-320-L =9.3.5.26, and DCME-720 =9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/monstattop10.php...

CVSS 9.8 | AI score 9.7 | EPSS 0.00692
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:43 a.m., 5 views

CVE-2023-39852

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who claims that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. The original reporter...

CVSS 9.8 | AI score 8.3 | EPSS 0.00819
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:41 a.m., 3 views

CVE-2023-0561

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The explo...

CVSS 8.8 | AI score 7 | EPSS 0.00717
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:39 a.m., 4 views

CVE-2023-0962

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated...

CVSS 8.8 | AI score 7 | EPSS 0.01741
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/23 5:29 a.m., 4 views

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

CVSS 9.8 | AI score 6.9 | EPSS 0.02856
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:14 a.m., 3 views

CVE-2023-41506

An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.8 | AI score 7.9 | EPSS 0.00882
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:23 a.m., 10 views

CVE-2023-43226

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8.8 | AI score 7.8 | EPSS 0.00858
Exploits: 1