2429 matches found

Packet Storm
added 2024/09/10 12:0 a.m. | 293 views

Passion Responsive Blogging 1.0 SQL Injection

Title: Passion Responsive Blogging 1.0 SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

7.4 AI score
Exploits: 0

NVD
added 2024/09/08 8:15 p.m. | 13 views

CVE-2024-8579

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The...

9.8 CVSS | 0.01349 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2024/09/08 4:31 p.m. | 17 views

CVE-2024-8575 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit h...

9 CVSS | 7 AI score | 0.01091 EPSS
Exploits: 1 | References: 5

NVD
added 2024/09/08 11:15 a.m. | 21 views

CVE-2024-8574

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated...

8.8 CVSS | 0.03077 EPSS
Exploits: 1 | References: 5

Cvelist
added 2024/09/08 2:31 a.m. | 22 views

CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...

6.5 CVSS | 0.00493 EPSS
Exploits: 0 | References: 4

CVE
added 2024/09/07 9:0 a.m. | 55 views

CVE-2024-8523

CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module. Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...

7.2 CVSS | 5.6 AI score | 0.0096 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2024/09/07 9:0 a.m. | 24 views

CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

5.8 CVSS | 0.0096 EPSS
Exploits: 1 | References: 4

NVD
added 2024/08/29 1:15 p.m. | 33 views

CVE-2024-8296

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...

9.8 CVSS | 0.00756 EPSS
Exploits: 1 | References: 4

OSV
added 2024/08/29 12:31 p.m. | 21 views

GHSA-XXQW-83C7-R24R FeehiCMS file upload vulnerability

A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...

6.3 CVSS | 7.9 AI score | 0.00756 EPSS
Exploits: 1 | References: 6

NVD
added 2024/08/29 11:15 a.m. | 33 views

CVE-2024-5987

The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...

5.4 CVSS | 0.00264 EPSS
Exploits: 0 | References: 2

OSV
added 2024/08/28 6:15 p.m. | 3 views

CVE-2024-41236

A SQL injection vulnerability in /smsa/adminlogin.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page...

7.2 CVSS | 6.1 AI score | 0.00375 EPSS
Exploits: 1 | References: 2

NVD
added 2024/08/28 12:15 a.m. | 16 views

CVE-2024-8226

A vulnerability has been found in Tenda O1 1.0.0.710648 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The explo...

9.8 CVSS | 0.01255 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2024/08/28 12:0 a.m. | 3 views

PT-2024-29314 · Unknown · Kashipara Responsive School Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 3.2.0 Description: A SQL injection vulnerability in the /smsa/admin login.php file allows an attacker to execute arbitrary SQL commands via the username parameter of the Admin Login Page...

7.2 CVSS | 8.2 AI score | 0.00375 EPSS
Exploits: 1 | References: 10

NVD
added 2024/08/27 11:15 p.m. | 14 views

CVE-2024-8225

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...

9.8 CVSS | 0.01213 EPSS
Exploits: 1 | References: 5

CVE
added 2024/08/27 11:0 p.m. | 55 views

CVE-2024-8225

The CVE-2024-8225 vulnerability affects Tenda G3 devices (version 15.11.0.20) in the formSetSysTime function (/goform/SetSysTimeCfg). The root cause is manipulation of the sysTimePolicy argument, causing a stack-based buffer overflow. This can be exploited remotely, and public exploits have been ...

9.8 CVSS | 8.9 AI score | 0.01213 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/08/27 10:15 p.m. | 6 views

CVE-2024-8219

A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 5

NVD
added 2024/08/27 10:15 p.m. | 21 views

CVE-2024-8219

A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...

9.8 CVSS | 0.00646 EPSS
Exploits: 1 | References: 5

CVE
added 2024/08/27 9:31 p.m. | 54 views

CVE-2024-8219

CVE-2024-8219 affects code-projects Responsive Hotel Site 1.0, with SQL injection in index.php triggered by manipulating name/phone/email parameters. The vulnerability is exploitable remotely, with exploits disclosed publicly. Root cause: unsafely handled user input leading to database query mani...

9.8 CVSS | 7.5 AI score | 0.00646 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/08/27 6:15 p.m. | 16 views

CVE-2024-8208

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...

6.1 CVSS | 0.00303 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2024/08/27 5:31 p.m. | 20 views

CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting

A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...

5.3 CVSS | 6.1 AI score | 0.00303 EPSS
Exploits: 0 | References: 3