CVE-2022-38305
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-38305
AeroCMS v0.0.1 is affected by an arbitrary file upload vulnerability in the /admin/profile.php component. The underlying issue allows an attacker to upload a crafted PHP file, enabling arbitrary code execution on the server. CVSS 3.1 base score 8.8 (HIGH) with network attack vector, low attack co...
CVE-2022-2957
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument memid leads to sql injection. The attack can be launched...
SQL injection
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument memid leads to sql injection. The attack can be launched...
CVE-2022-2957 SourceCodester Simple and Nice Shopping Cart Script profile.php sql injection
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument memid leads to sql injection. The attack can be launched...
Simple and Nice Shopping Cart Script SQL injection vulnerability
Simple and Nice Shopping Cart Script is a simple and nice PHP shopping cart script. SourceCodester Simple and Nice Shopping Cart Script suffers from a SQL injection vulnerability that stems from an unknown function in the file /mkshop/Men/profile.php, where manipulation of the parameter memid can...
CVE-2022-2909 SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. T...
CVE-2022-2773
A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 w...
Cross site scripting
A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 w...
CVE-2022-2773 SourceCodester Apartment Visitor Management System profile.php cross site scripting
A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-206169 w...
CVE-2022-2681 SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input alert/xss/ leads to cross site...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in SourceCodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php...
CVE-2020-35261
Cross Site Scripting (XSS) vulnerability in SourceCodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php...
qcubed PHP object injection
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
GHSA-7W3C-JGH7-CWJW qcubed PHP object injection
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
qcubed SQL injection vulnerability in profile.php via the strQuery parameter
A SQL injection vulnerability in qcubed all versions including 3.1.1 in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request...
GHSA-8FJ6-PC5R-347Q qcubed SQL injection vulnerability in profile.php via the strQuery parameter
A SQL injection vulnerability in qcubed all versions including 3.1.1 in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request...