991 matches found

NVD
added 2023/12/17 2:15 p.m. · 26 views

CVE-2023-6901

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

9.8 CVSS · 0.02864 EPSS
Exploits: 1 · References: 3

Prion
added 2023/12/17 2:15 p.m. · 15 views

Command injection

A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os...

7.5 CVSS · 7.8 AI score · 0.02864 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/12/17 2:00 p.m. · 33 views

CVE-2023-6901

CVE-2023-6901 affects codelyfe Stupid Simple CMS versions up to 1.2.3. The vulnerability lies in the HTTP POST Request Handler’s file /terminal/handle-command.php, where using the argument with input “whoami” enables an OS command injection. The issue is exploitable remotely and an exploit has be...

9.8 CVSS · 9 AI score · 0.02864 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2023/12/07 9:15 p.m. · 17 views

CVE-2023-6576

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument fileupload leads to unrestricted upload. The attack can ...

8.8 CVSS · 0.01365 EPSS
Exploits: 0 · References: 4

CVE
added 2023/12/07 8:31 p.m. · 51 views

CVE-2023-6576

CVE-2023-6576 affects Byzoro S210 (up to 20231123) and also mentions Beijing Baichuo S210 in related records. The vulnerability is in the HTTP POST Request Handler’s /Tool/uploadfile.php, where manipulating the file_upload argument enables unrestricted file uploads. This allows remote exploitatio...

8.8 CVSS · 7.6 AI score · 0.01365 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/12/07 8:15 p.m. · 25 views

CVE-2023-6574

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1fileupload leads to unrestricted upload...

8.8 CVSS · 0.01576 EPSS
Exploits: 1 · References: 4

CVE
added 2023/12/07 8:00 p.m. · 57 views

CVE-2023-6575

CVE-2023-6575 affects Beijing/Byzoro S210 up to 20231121. A SQL injection arises from manipulating the txt argument in the /Tool/repair.php HTTP POST handler, enabling remote exploitation. Public exploits/disclosures exist. Several connected sources corroborate the affected component and vulnerab...

8.8 CVSS · 7.8 AI score · 0.02838 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2023/12/07 7:31 p.m. · 54 views

CVE-2023-6574

CVE-2023-6574 affects Byzoro Smart S20 (up to 20231120) and Beijing Baichuo Smart S20. The flaw is in the HTTP POST Request Handler, specifically the 1_file_upload argument in /sysmanage/updateos.php, whose manipulation leads to unrestricted file upload. The vulnerability allows remote exploitati...

8.8 CVSS · 7.5 AI score · 0.01576 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2023/10/29 5:00 p.m. · 56 views

CVE-2007-10003

The CVE-2007-10003 entry concerns The Hackers Diet Plugin for WordPress (up to version 0.9.6b). The vulnerability affects the ajax_blurb.php component of the HTTP POST Request Handler, where manipulation of the user parameter leads to SQL injection. Exploitation is remotely possible. Remediation is...

8.8 CVSS · 7.5 AI score · 0.00559 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/10/10 5:15 p.m. · 25 views

CVE-2023-5495

A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata0title/searchdata0searchfield/searchdata0searchvalue...

9.8 CVSS · 8.3 AI score · 0.0106 EPSS
Exploits: 4 · References: 3

Prion
added 2023/10/10 5:15 p.m. · 17 views

SQL injection

A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata0title/searchdata0searchfield/searchdata0searchvalue...

6.5 CVSS · 9.6 AI score · 0.0106 EPSS
Exploits: 4 · References: 3 · Affected Software: 1

CVE
added 2023/10/10 4:31 p.m. · 54 views

CVE-2023-5495

CVE-2023-5495 affects QDocs Smart School 6.4.1. The vulnerability is a SQL injection in the HTTP POST Request Handler, triggered by manipulating the POST parameters searchdata[0][title], searchdata[0][searchfield], and searchdata[0][searchvalue] sent to /course/filterRecords/. Root cause: input d...

9.8 CVSS · 8.2 AI score · 0.0106 EPSS
Exploits: 4 · References: 3 · Affected Software: 1

NVD
added 2023/08/27 11:15 p.m. · 16 views

CVE-2023-4559

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may...

9.8 CVSS · 7 AI score · 0.00519 EPSS
Exploits: 0 · References: 2

Prion
added 2023/08/27 11:15 p.m. · 15 views

Out-of-bounds

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may...

6.5 CVSS · 9.3 AI score · 0.00519 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/27 12:00 a.m. · 3 views

PT-2023-29580 · Unknown · Bettershop Laiketui

Name of the Vulnerable Software and Affected Versions: Bettershop LaikeTui affected versions not specified
Description: A critical issue has been found in Bettershop LaikeTui, affecting some unknown functionality of the file "index.php?module=api&action=user&m=upload" of the component POST Reques...

9.8 CVSS · 7 AI score · 0.00519 EPSS
Exploits: 0 · References: 6

OSV
added 2023/08/18 1:15 p.m. · 2 views

CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 3

Prion
added 2023/08/18 1:15 p.m. · 17 views

SQL injection

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

6.5 CVSS · 9.8 AI score · 0.01073 EPSS
Exploits: 4 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/08/18 12:00 a.m. · 3 views

PT-2023-29086 · Unknown · Codecanyon Credit Lite

Name of the Vulnerable Software and Affected Versions: Codecanyon Credit Lite version 1.5.4
Description: A critical vulnerability was found in the component POST Request Handler, specifically in the file /portal/reports/account statement. The manipulation of the date1 and date2 arguments leads to...

9.8 CVSS · 7.2 AI score · 0.01073 EPSS
Exploits: 4 · References: 8

GitHub Security Blog
added 2023/07/28 9:30 a.m. · 21 views

Cross-site Scripting in Mingsoft MCMS

A Cross-site Scripting vulnerability has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. Th...

6.1 CVSS · 6.3 AI score · 0.01365 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Prion
added 2023/07/28 7:15 a.m. · 12 views

Cross site scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

4 CVSS · 6 AI score · 0.01365 EPSS
Exploits: 1 · References: 3 · Affected Software: 1