CVE-2024-49754 LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...
CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize the user input in the Device Group name; when a user views the detail of the Device Group, if JavaScript code is inside the name of...
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...
CVE-2024-47526
LibreNMS is affected by a Self-XSS in the Alert Templates feature. The vulnerability stems from insufficient sanitization of the template name before rendering in the UI, allowing arbitrary JavaScript to execute during template creation. The in-page script runs at submission time but does not per...
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload...
Computer Laboratory Management 1.0 SQL Injection
Exploit Title: Computer Laboratory Management - SQL Injection Authenticated Date: 11/08/2024 Exploit Author: Mert Kuvvet Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Software Link:...
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 TESTED VERSION...
CVE-2024-40392
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...
CVE-2024-40394
Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php...
Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery
.:. Exploit Title Cinema Booking System - Multiple Vulnerabilities .:. Google Dorks .:. intitle:Cinema Booking System .:. Date: July 5, 2024 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor -...
Emlog Pro License Issues Vulnerability
emlog is a PHP- and MySQL-based CMS builder for emlog personal developers. An authorization issue vulnerability exists in Emlog Pro version 2.3.4, which stems from incorrect authentication of the AuthCookie parameter in the Cookie Handler component. An attacker can exploit this vulnerability to...
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-34919
The CVE-2024-34919 entry describes an arbitrary file upload in Pisay Online E-Learning System v1.0, specifically the modstudent/controller.php component, enabling attackers to execute arbitrary code via crafted uploads. The vulnerability is associated with PHP/MySQL-based Pisay Online E-Learning ...
Doctor Appointment Management System 1.0 Cross Site Scripting Vulnerability
Application Name: Doctor Appointment Management System Software Link: Download Link Vendor Homepage: Vendor Homepage Bug: XSS Bug Author: SoSPiro Version: 1.0 CVE: CVE-2024-4293 Vulnerable code section: - http://localhost/Doctor-Appointment-SystemPHP/dams/doctor/appointment-bwdates.php - Lines 57-...
CVE-2024-30982
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...
CVE-2024-30985
SQL Injection vulnerability in the "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary SQL commands via the "todate" and "fromdate" parameters...
CVE-2024-2265 keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code
A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...
SQL injection
A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The...
CVE-2024-2264
CVE-2024-2264 concerns the keerti1924 PHP-MYSQL-User-Login-System 1.0. Multiple connected sources confirm a SQL injection vulnerability in the /login.php file, triggered by manipulating the email parameter. The issue is described as remote in attack surface, with the exploit disclosed publicly. C...