998 matches found

Prion
added 2023/08/27 11:15 p.m. · 15 views

Out-of-bounds

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may...

6.5 CVSS · 9.3 AI score · 0.00519 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/27 12:0 a.m. · 3 views

PT-2023-29580 · Unknown · Bettershop Laiketui

Name of the Vulnerable Software and Affected Versions: Bettershop LaikeTui affected versions not specified Description: A critical issue has been found in Bettershop LaikeTui, affecting some unknown functionality of the file "index.php?module=api&action=user&m=upload" of the component POST Reques...

9.8 CVSS · 7 AI score · 0.00519 EPSS
Exploits 0 · References 6
OSV
added 2023/08/18 1:15 p.m. · 2 views

CVE-2023-4407

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 3
Prion
added 2023/08/18 1:15 p.m. · 17 views

Sql injection

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/accountstatement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The...

6.5 CVSS · 9.8 AI score · 0.01073 EPSS
Exploits 4 · References 3 · Affected Software 1
Positive Technologies
added 2023/08/18 12:0 a.m. · 3 views

PT-2023-29086 · Unknown · Codecanyon Credit Lite

Name of the Vulnerable Software and Affected Versions: Codecanyon Credit Lite version 1.5.4 Description: A critical vulnerability was found in the component POST Request Handler, specifically in the file /portal/reports/account statement. The manipulation of the date1 and date2 arguments leads to...

9.8 CVSS · 7.2 AI score · 0.01073 EPSS
Exploits 4 · References 8
GitHub Security Blog
added 2023/07/28 9:30 a.m. · 21 views

Cross-site Scripting in Mingsoft MCMS

A Cross-site Scripting vulnerability has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. Th...

6.1 CVSS · 6.3 AI score · 0.01365 EPSS
Exploits 1 · References 5 · Affected Software 1
Prion
added 2023/07/28 7:15 a.m. · 12 views

Cross site scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

4 CVSS · 6 AI score · 0.01365 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2023/07/28 7:0 a.m. · 68 views

CVE-2023-3990

Mingsoft MCMS

6.1 CVSS · 4.7 AI score · 0.01365 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/07/27 11:31 a.m. · 27 views

CVE-2023-3969 GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promocode leads to cros...

4 CVSS · 5.6 AI score · 0.00502 EPSS
Exploits 1 · References 3
NVD
added 2023/07/23 10:15 a.m. · 22 views

CVE-2023-3850

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deletecategory of the component HTTP POST Request Handler. The manipulation of the argume...

9.8 CVSS · 7.4 AI score · 0.00418 EPSS
Exploits 0 · References 2
NVD
added 2023/07/22 9:15 a.m. · 13 views

CVE-2023-3827

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads...

6.1 CVSS · 4.5 AI score · 0.00339 EPSS
Exploits 0 · References 2
Prion
added 2023/07/22 9:15 a.m. · 19 views

Cross site scripting

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads...

4 CVSS · 5.9 AI score · 0.00339 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/07/22 9:0 a.m. · 48 views

CVE-2023-3827

CVE-2023-3827 affects Bug Finder Listplace Directory Listing Platform 3.0. The vulnerability is in the HTTP POST Request Handler, specifically the /listplace/user/ticket/create endpoint, where manipulating the message argument leads to cross-site scripting. The attack is described as potentially ...

6.1 CVSS · 4.8 AI score · 0.00339 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/07/20 8:15 p.m. · 26 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

9.8 CVSS · 7 AI score · 0.00418 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/07/20 7:31 p.m. · 12 views

CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

5.5 CVSS · 7.6 AI score · 0.00418 EPSS
Exploits 0 · References 2
CVE
added 2023/07/20 7:31 p.m. · 67 views

CVE-2023-3793

CVE-2023-3793 affects Weaver e-cology. The vulnerability resides in the HTTP POST Request Handler, specifically the filelFileDownloadForOutDoc.class, where the fileid parameter can be manipulated (example: 1+WAITFOR+DELAY) to yield SQL injection. Affected versions are prior to 10.58.0. Upgrading ...

9.8 CVSS · 7 AI score · 0.00418 EPSS
In wild · Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/07/20 8:15 a.m. · 13 views

CVE-2023-3783

A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument newfilename/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

5.4 CVSS · 4.3 AI score · 0.00538 EPSS
Exploits 1 · References 4
CNNVD
added 2023/07/20 12:0 a.m. · 3 views

Webile cross-site scripting vulnerability

webileapps Webile is an application from webileapps, Inc. A cross-site scripting vulnerability exists in Webile version 1.0.1: the parameter newfilename/c of the component HTTP POST Request Handler can lead to cross-site scripting...

5.4 CVSS · 4.2 AI score · 0.00538 EPSS
Exploits 1 · References 5
Positive Technologies
added 2023/07/20 12:0 a.m. · 2 views

PT-2023-26133 · Webile · Webile

Name of the Vulnerable Software and Affected Versions: Webile version 1.0.1 Description: A vulnerability was found in the HTTP POST Request Handler component. The manipulation of the new file name/c argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit...

5.4 CVSS · 4.3 AI score · 0.00538 EPSS
Exploits 1 · References 8
NVD
added 2023/07/15 9:15 a.m. · 11 views

CVE-2023-3680

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=saveitem of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is...

9.8 CVSS · 0.00418 EPSS
Exploits 0 · References 2