2429 matches found
Passion Responsive Blogging 1.0 SQL Injection
============================================================================================================================================= | Title : Passion Responsive Blogging 1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CVE-2024-8579
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2024-8575 TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit h...
CVE-2024-8574
A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated...
CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8523
CVE-2024-8523 affects lmxcms up to version 1.4. The vulnerable component is the function formatData in the file /admin.php?m=Acquisi&a=testcj&lid=1 of the SQL Command Execution Module . Manipulation of the argument data leads to code injection. The issue can be exploited remotely, and the exploit...
CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-8296
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument Useravatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
GHSA-XXQW-83C7-R24R FeehiCMS file upload vulnerability
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...
CVE-2024-5987
The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...
CVE-2024-41236
A SQL injection vulnerability in /smsa/adminlogin.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page...
CVE-2024-8226
A vulnerability has been found in Tenda O1 1.0.0.710648 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The explo...
PT-2024-29314 · Unknown · Kashipara Responsive School Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 3.2.0 Description: A SQL injection vulnerability in the /smsa/admin login.php file allows an attacker to execute arbitrary SQL commands via the username parameter of the Admin Login Page...
CVE-2024-8225
A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-8225
The CVE-2024-8225 vulnerability affects Tenda G3 devices (version 15.11.0.20) in the formSetSysTime function (/goform/SetSysTimeCfg). The root cause is manipulation of the sysTimePolicy argument, causing a stack-based buffer overflow. This can be exploited remotely, and public exploits have been ...
CVE-2024-8219
A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8219
A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-8219
CVE-2024-8219 affects code-projects Responsive Hotel Site 1.0, with SQL injection in index.php triggered by manipulating name/phone/email parameters. The vulnerability is exploitable remotely, with exploits disclosed publicly. Root cause: unsafely handled user input leading to database query mani...
CVE-2024-8208
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...
CVE-2024-8208 nafisulbari/itsourcecode Insurance Management System editClient.php cross site scripting
A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can ...