
2595 matches found

Positive Technologies
added 2024/07/14 12:0 a.m. · 5 views

PT-2024-37829 · Unknown · Sourcecodester Student Study Center Desk Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Study Center Desk Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file /Master.php?f=save student. The manipulation of the id argument leads to SQL...

8.8 CVSS · 8.1 AI score · 0.00618 EPSS
Exploits: 0 · References: 14
NVD
added 2024/07/13 6:15 a.m. · 16 views

CVE-2024-5450

The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...

9.1 CVSS · 0.00754 EPSS
Exploits: 1 · References: 1
CVE
added 2024/07/13 6:0 a.m. · 56 views

CVE-2024-5450

CVE-2024-5450 affects the WordPress Bug Library plugin prior to version 2.1.1. The vulnerability arises because the plugin does not validate the file type of files submitted with bug reports, enabling an unauthenticated user to upload PHP files (remote code execution risk). Affected product: Word...

9.1 CVSS · 9.5 AI score · 0.00754 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/07/10 11:15 p.m. · 4 views

CVE-2024-6650

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function savedesignation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely...

4.8 CVSS · 3.8 AI score · 0.00517 EPSS
Exploits: 1 · References: 4
CNNVD
added 2024/06/26 12:0 a.m. · 4 views

SoftExpert Excellence Suite Security Vulnerability

SoftExpert Excellence Suite is a commercial suite from SoftExpert Brazil. A security vulnerability exists in Softexpert Excellence Suite version v.2.1, which stems from a file upload vulnerability that could allow an attacker to execute arbitrary code by uploading a .php file to the...

6.3 CVSS · 7.7 AI score · 0.00359 EPSS
Exploits: 0 · References: 2
Packet Storm
added 2024/06/26 12:0 a.m. · 276 views

Poultry Farm Management System 1.0 Shell Upload

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

7.4 AI score
Exploits: 0
Positive Technologies
added 2024/06/25 12:0 a.m. · 3 views

PT-2024-37529 · Unknown · Simple Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: Simple Online Hotel Reservation System version 1.0 Description: A critical issue has been identified, affecting the file index.php. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely...

9.8 CVSS · 8 AI score · 0.00682 EPSS
Exploits: 1 · References: 7
Cvelist
added 2024/06/17 12:0 a.m. · 33 views

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "savesettings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability...

0.01923 EPSS
Exploits: 4 · References: 2
CNNVD
added 2024/06/17 12:0 a.m. · 4 views

Payroll Management System Security Vulnerability

Payroll Management System is a payroll management system developed by Carlo Montero. A security vulnerability exists in Payroll Management System version 1.0, which can be exploited by an unauthenticated attacker to upload a malicious PHP file using the "savesettings" page's image upload...

9.8 CVSS · 7.9 AI score · 0.01923 EPSS
Exploits: 4 · References: 4
Vulnrichment
added 2024/06/17 12:0 a.m. · 18 views

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "savesettings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability...

7.9 AI score · 0.01923 EPSS
Exploits: 4 · References: 2
CNNVD
added 2024/06/15 12:0 a.m. · 3 views

PHP Event Calendar SQL Injection Vulnerability

PHP Event Calendar is an open source, multi-user, modern event calendar based on AJAX. It is easy to integrate and fully customizable. A SQL injection vulnerability exists in PHP Event Calendar version 1.0, which stems from a security issue in the regConfirm/regDelete function of process.php, which...

9.8 CVSS · 7.9 AI score · 0.00504 EPSS
Exploits: 1 · References: 5
Exploit DB
added 2024/06/14 12:0 a.m. · 408 views

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

8.1 CVSS · 8.2 AI score · 0.00581 EPSS
Exploits: 3
Packet Storm
added 2024/06/14 12:0 a.m. · 317 views

AEGON LIFE 1.0 Remote Code Execution

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

7.2 AI score · 0.00581 EPSS
Exploits: 3
OSV
added 2024/06/07 9:31 p.m. · 22 views

GHSA-CR7J-RWMV-VGCH Duplicate Advisory: aimeos-core arbitrary file upload vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rhc2-23c2-ww7c. This link is maintained to preserve external references. Original Description An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execu...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 8
NVD
added 2024/06/07 7:15 p.m. · 29 views

CVE-2024-36811

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidate is a reservation duplicate of CVE-2024-37295. Notes: All CVE users should reference CVE-2024-37295 instead of this candidate. All references and descriptions in this candidate have been removed t...

Exploits: 0
Cvelist
added 2024/06/07 12:0 a.m. · 38 views

CVE-2024-36811

...

Exploits: 0
Vulnrichment
added 2024/06/07 12:0 a.m. · 11 views

CVE-2024-36811

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8.1 AI score
Exploits: 0 · References: 5
CVE
added 2024/06/07 12:0 a.m. · 54 views

CVE-2024-36811

CVE-2024-36811 is a reserved/duplicate entry for CVE-2024-37295. Connected documents describe Aimeos core vulnerability: before 2024.04.5, an administrative user could upload image-like files containing PHP code, leading to remote code execution in the web server context. A fix is released in 202...

7.4 AI score
Exploits: 0
GitLab Advisory Database
added 2024/06/07 12:0 a.m. · 14 views

aimeos-core arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.7 AI score
Exploits: 0 · References: 8 · Affected Software: 1
NVD
added 2024/06/06 10:15 p.m. · 17 views

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8 CVSS · 0.00722 EPSS
Exploits: 1 · References: 1