2595 matches found

GithubExploit
added 2024/11/08 12:24 p.m. · 431 views

Exploit for CVE-2024-50427

CVE-2024-50427 SurveyJS: Drag & Drop WordPress Form Builde...

CVSS 9.9 · AI score 7.9 · EPSS 0.01015
Exploits: 1

Positive Technologies
added 2024/11/03 12:0 a.m. · 2 views

PT-2024-16514 · Unknown · Codezips Isp Management System

Name of the Vulnerable Software and Affected Versions: Codezips ISP Management System version 1.0 Description: A critical issue was found in the Codezips ISP Management System, affecting some unknown functionality of the file pay.php. The manipulation of the customer argument leads to SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.0054
Exploits: 1 · References: 10

OSV
added 2024/11/01 1:15 a.m. · 3 views

CVE-2024-10609

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 9.8 · AI score 5.7 · EPSS 0.00543
Exploits: 1 · References: 5

OSV
added 2024/10/30 3:15 a.m. · 2 views

CVE-2024-10506

A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 7.2 · AI score 6.5 · EPSS 0.00578
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/28 12:0 a.m. · 4 views

PT-2024-34275 · Unknown · Buynowdepot Advanced Online Ordering/Delivery Platform

Name of the Vulnerable Software and Affected Versions: BuyNowDepot Advanced Online Ordering and Delivery Platform versions n/a through 2.0.0 Description: The issue affects the BuyNowDepot Advanced Online Ordering and Delivery Platform, allowing for PHP Local File Inclusion due to an improper...

CVSS 9.8 · AI score 7.2 · EPSS 0.0051
Exploits: 0 · References: 5

OSV
added 2024/10/22 5:15 p.m. · 4 views

CVE-2024-48707

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2024/10/16 12:0 a.m. · 3 views

Code-Projects Pharmacy Management System SQL Injection Vulnerability

Code-Projects Pharmacy Management System is a Code-Projects open source pharmacy management system. Code-Projects Pharmacy Management System version 1.0 has a SQL injection vulnerability that originates from the parameter name/packing/genericname/suppliersname in the file /php/addnewmedicine.php...

CVSS 8.8 · AI score 7 · EPSS 0.00517
Exploits: 1 · References: 2

NVD
added 2024/10/15 8:15 a.m. · 10 views

CVE-2024-9981

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server...

CVSS 8.8 · EPSS 0.00758
Exploits: 0 · References: 2

CVE
added 2024/10/15 12:0 a.m. · 85 views

CVE-2023-31493

ZoneMinder

CVSS 6.6 · AI score 7.3 · EPSS 0.00732
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2024/10/12 1:15 p.m. · 5 views

CVE-2024-9894

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 8.8 · AI score 5.7 · EPSS 0.00517
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/10 12:0 a.m. · 3 views

PT-2024-39862 · Unknown · Code-Projects Blood Bank System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A critical issue has been found, affecting an unknown part of the file /update.php. The manipulation of the name argument leads to SQL injection. It is possible to initiate the attack...

CVSS 8.8 · AI score 8.1 · EPSS 0.00517
Exploits: 1 · References: 9

Packet Storm
added 2024/09/26 12:0 a.m. · 262 views

Rupee Invoice System 1.0 Arbitrary File Upload

Title: Rupee Invoice System v1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4
Exploits: 0

OSV
added 2024/09/22 4:15 a.m. · 4 views

CVE-2024-9078

A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 6.9 · EPSS 0.007
Exploits: 1 · References: 5

OSV
added 2024/09/19 7:15 p.m. · 2 views

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...

CVSS 9.8 · AI score 6.1 · EPSS 0.00858
Exploits: 1 · References: 2

NVD
added 2024/09/19 7:15 p.m. · 11 views

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...

CVSS 9.8 · EPSS 0.00858
Exploits: 1 · References: 2

Vulnrichment
added 2024/09/19 12:0 a.m. · 11 views

CVE-2024-40125

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...

AI score 8.1 · EPSS 0.00858
Exploits: 1 · References: 2

CVE
added 2024/09/19 12:0 a.m. · 42 views

CVE-2024-40125

The CVE-2024-40125 entry concerns Closed Loop Technology CLESS Server v4.5.2, where the Media Manager’s file upload endpoint is vulnerable to arbitrary PHP file uploads. The underlying issue enables remote code execution because a crafted PHP file can be uploaded and subsequently executed on the ...

CVSS 9.8 · AI score 8.1 · EPSS 0.00858
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2024/09/17 7:56 p.m. · 57 views

CVE-2024-45398

Contao CMS vulnerability: a back-end user with file-manager access can upload and execute malicious files on the server, enabling remote command execution. Affected range includes Contao 4.x up to 4.13.48, 5.x up to 5.4.2. Remediation recommended by advisories is to upgrade to Contao 4.13.49, 5.3...

CVSS 8.8 · AI score 8.4 · EPSS 0.00532
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/09/13 6:0 a.m. · 13 views

CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...

AI score 7.3 · EPSS 0.00275
Exploits: 1 · References: 1

NVD
added 2024/09/11 2:15 p.m. · 14 views

CVE-2024-27114

An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the...

CVSS 9.8 · EPSS 0.00539
Exploits: 0 · References: 1