CVE-2024-2910

CVE-2024-2910 affects Ruijie RG-EG350 (pre-20240318) in the VPN quick set service. The vulnerable component is the HTTP POST handler function vpnAction in the file /itbox_pi/vpn_quickset_service.php?a=set_vpn. By manipulating arguments ip, port, user, pass, dns, or startIp, an attacker can trigge...

CVE-2024-2909

CVE-2024-2909 affects Ruijie RG-EG350 up to 20240318. The vulnerability resides in the HTTP POST Request Handler function setAction (file /itbox_pi/networksafe.php?a=set) where manipulation of the bandwidth argument enables OS command injection. It can be exploited remotely; multiple sources conf...

GHSA-99WG-VMVQ-2CP5 RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

CVE-2024-2497

RaspAP raspap-webgui 3.0.9 contains a code injection vulnerability in includes/provider.php via the HTTP POST parameter country, enabling remote code execution. Exploitation is possible over the network and public disclosures exist. A remediation is available: upgrade to billz/raspap-webgui 3.1.0...

CVE-2024-2482

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...

CVE-2024-2482

CVE-2024-2482 affects Surya2Developer Hostel Management Service 1.0, via the HTTP POST Request Handler in the file /check_availability.php. The vulnerability arises from manipulation of the argument named oldpassword, causing an observable response discrepancy. Impact details in the provided sour...

PT-2024-20680 · Raspap · Raspap

Name of the Vulnerable Software and Affected Versions: RaspAP raspap-webgui version 3.0.9 Description: A critical issue affects the processing of the file includes/provider.php in the HTTP POST Request Handler component. The manipulation of the country argument leads to code injection. This issue...

PT-2024-20586 · Unknown · Surya2Developer Hostel Management Service

Name of the Vulnerable Software and Affected Versions: Surya2Developer Hostel Management Service version 1.0 Description: A vulnerability has been found in the HTTP POST Request Handler component, specifically in the file /check availability.php. The manipulation of the oldpassword argument leads...

PT-2024-21753 · Google · Android

Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a possible out of bounds memory access in the lpm req handler due to a missing bounds check. This could lead to local escalation of privilege with no additional executio...

Sql injection

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/managecategory.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql...

PT-2024-19807 · Unknown · Sourcecodester Online Mobile Management Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A critical issue affects the processing of the file /admin/maintenance/manage category.php in the HTTP GET Request Handler component. The manipulation of the id argument...

CVE-2024-2272

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

Sql injection

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...

Sql injection

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...

CVE-2024-2272

CVE-2024-2272 affects the keerti1924 Online-Book-Store-Website v1.0. The vulnerability resides in the HTTP POST handler for /home.php where manipulating the product_name parameter enables an SQL injection. The issue is remote and has publicly disclosed exploits. References consistently identify t...

CVE-2024-2271

The CVE-2024-2271 entry affects keerti1924 Online-Book-Store-Website 1.0. A vulnerability in the HTTP POST Request Handler affects the /shop.php file, where the product_name parameter is susceptible to SQL injection. The issue can be exploited remotely, and public disclosures of the exploit exist...

CVE-2024-2168

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expensecategory.php of the component HTTP POST Request Handler. The manipulation of the argument status leads...

CVE-2024-2168

CVE-2024-2168 pertains to SourceCodester Online Tours & Travels Management System 1.0. Affects an unknown function in the file /admin/operations/expense_category.php on the HTTP POST Request Handler, where manipulating the status argument triggers a SQL injection. The vulnerability allows remote ...