633 matches found
qcubed reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users...
CVE-2022-27478
Victor CMS v1.0 contains a remote code execution (RCE) vulnerability exploitable through the component admin/profile.php?section=admin. The set of connected documents consistently describes an RCE without detailing the root cause or exact exploit path beyond the vulnerable endpoint. Impact is des...
CVE-2021-45003
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload...
Remote code execution
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload...
PT-2022-12285 · Unknown · Laundry Booking Management System
Name of the Vulnerable Software and Affected Versions: Laundry Booking Management System versions 1.0 and earlier. Description: The issue is related to a remote code execution (RCE) vulnerability. It affects the profile.php file through the image parameter, allowing the execution of a webshell...
CVE-2020-22173
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
CVE-2020-22173
CVE-2020-22173 affects PHPGurukul Hospital Management System v4.0, with a SQL injection vulnerability in the hms/edit-profile.php that enables remote unauthenticated access to sensitive database information. Exploitation details are consistently described as a SQLi in hms/edit-profile.php across ...
PT-2021-10738 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0. Description: The issue concerns a SQL injection vulnerability located in the \hms\edit-profile.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request...
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
CVE-2020-24912
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users...
CVE-2020-24914
Summary: QCubed PHP object injection in profile.php (affecting all versions including 3.1.1) enables unauthenticated remote code execution by unserializing the POST variable “strProfileData.” The issue stems from PHP object injection in qcubed and is rated CRITICAL (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/...
CVE-2020-24912
A reflected cross-site scripting (XSS) vulnerability in QCubed, affecting all versions including 3.1.1, resides in profile.php via the stQuery-parameter. Unauthenticated attackers can steal sessions of authenticated users by exploiting this flaw. The Nuclei template and related advisories confir...
PT-2021-11086 · Qcubed · Qcubed
Name of the Vulnerable Software and Affected Versions: qcubed versions 3.1.1 and earlier. Description: A PHP object injection bug in profile.php unserializes the untrusted data of the strProfileData POST-variable, allowing an unauthenticated attacker to execute code via a crafted POST request...
PT-2021-11085 · Qcubed · Qcubed
Name of the Vulnerable Software and Affected Versions: qcubed versions 3.1.1 and earlier. Description: A SQL injection issue allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request to the profile.php file, specifically via the strQuery parameter...
Design/Logic Flaw
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field...