14 matches found
SourceCodester Simple Responsive Tourism Website SQL Injection Vulnerability
SourceCodester Simple Responsive Tourism Website is an open-source tourism website developed by SourceCodester. Version 1.0 of SourceCodester Simple Responsive Tourism Website has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Username in the...
EUVD-2020-30908
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite the Structured Exception Handler (SEH) to execute shellcode when pasting specially...
CVE-2020-37013
Audio Playback Recorder 3.2.2 is affected by a local buffer overflow in the eject and registration parameters, leading to arbitrary code execution via overwriting the Structured Exception Handler (SEH) when input is crafted and pasted into the application. Documents in connected sources confirm t...
CVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite the Structured Exception Handler (SEH) to execute shellcode when pasting specially...
CVE-2026-0920
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajaxregisterhandle' function not restricting what user roles a user can register with. This makes it possible for...
CVE-2026-0920
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajaxregisterhandle' function not restricting what user roles a user can register with. This makes it possible for...
Code-Projects Online Job Search Engine Security Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...
PHPGurukul Job Portal Security Vulnerability
PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A security vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the JOBREGID parameter in /jobportal/admin/applicants/controller.php...
PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability
PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. A cross-site scripting vulnerability exists in PHPGurukul Hospital Management System version 1.0, which stems from the parameter First Name in the file registration.php that can lead to cross-site scripting...
CVE-2023-50566
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...
CVE-2020-22818
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter...
Concerto Cross-Site Scripting Vulnerability
Concerto is an open source digital signage system. A security vulnerability exists in Concerto version 2.3.6 and prior versions that allows an unauthenticated, remote attacker to inject an XSS payload into the First Name or Last Name parameter during registration, which introduces arbitrary...
CVE-2021-24158
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...
XSS Vulnerability in Microsoft CMS
Micro Window CMS is a free and open source WeChat public number and Alipay service window management platform system. Micro Window CMS suffers from an XSS vulnerability, which originates from improper filtering of parameters passed into the system during registration. Attackers can use this...