64 matches found
EUVD-2019-20018
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...
EUVD-2019-19778
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
EUVD-2019-19806
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2026-2912
CVE-2026-2912 affects code-projects Online Reviewer System v1.0. The vulnerability is in /system/system/students/assessments/results/studentresult-view.php, where manipulating the test_id argument triggers SQL injection. Exploitation is remote, and public exploitation has been reported. Multiple ...
CVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
EUVD-2024-47399
Malicious code in bioql PyPI...
CVE-2024-6279 lahirudanushka School Management System Exam Results Page examresults-par.php sql injection
A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file examresults-par.php of the component Exam Results Page. The manipulation of the argument sid leads to sql injection. The...
PT-2024-37507 · Unknown · Lahirudanushka School Management System
Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1 Description: A critical issue was found in the Exam Results Page component, specifically in the file examresults-par.php. The manipulation of the sid argument leads to SQL...
GHSA-4MVM-XH8J-FV27 Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x2xw-hw8g-6773. This link is maintained to preserve external references. Original Description versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may ...
PT-2023-30926 · Unknown · Student Result Management System
Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the rno parameter of the "add results.php" resource does not validate the characters received, and they...
Google Launches Verification Badges for Security Tested VPN Apps
By Deeba Ahmed The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps. This is a post from HackRead.com Read the original post: Google Launches Verification Badges for Security Tested VPN Apps...
JReviews <= 4.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...
Mahara 安全漏洞
Mahara is a free and open source Web-based electronic archive management system from Mahara. security vulnerabilities exist in versions prior to Mahara 20.10.5, 21.04.4, 21.10.2 and 22.04.0, which stem from the fact that sites in the application with isolated organizations are vulnerable to attac...
ICEcoder 跨站脚本漏洞
ICEcoder is a browser-based code editor that provides a modern approach to building websites. By allowing you to write code directly in your web browser. A security vulnerability exists in ICEcoder 8.0, which has been found to reflect an XSS vulnerability in the multi- results.php page due to...
CVE-2018-10867
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user...
PT-2021-8693 · Red Hat +1 · Redhat-Certification +1
Name of the Vulnerable Software and Affected Versions: redhat-certification version 7 Description: The issue allows files to be accessible without restrictions from the "/update/results" page, enabling an attacker to remove any file accessible by the apached user. A remote attacker could exploit...
Red Hat Certification 访问控制错误漏洞
Red Hat Certification is a software package from Red Hat USA. An access control error vulnerability exists in Redhat redhat-certification 7 that stems from the component not restricting access to files in the update results page. An attacker could exploit this vulnerability to delete any file...