70 matches found
CVE-2024-48177
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...
CVE-2024-48177
Affected product: MRCMS 3.1.2. Vulnerability: SQL injection via the RID parameter in /admin/article/delete.do. Root cause implied by description: unsafe handling of RID enabling injection. Impact (per CVSS): CVSSv3.1 base score 8.8 (HIGH) with Network attack vector, low attack complexity, privile...
CVE-2024-25315
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...
Sql injection
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...
PT-2024-20884 · Code Projects · Code-Projects Hotel Managment System
Name of the Vulnerable Software and Affected Versions: Code-projects Hotel Managment System version 1.0 Description: The issue allows SQL Injection via the rid parameter in the "Hotel/admin/roombook.php" endpoint. This could potentially be exploited by manipulating the rid parameter to inject...
Hotel Managment System SQL Injection Vulnerability
Hotel Managment System is an open source hotel management system from Code-projects. Hotel Managment System version 1.0 suffers from a SQL injection vulnerability that originates from allowing SQL injection via the rid parameter in Hotel/admin/roombook.php...
CVE-2024-25315
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...
CVE-2023-31753
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter...
Exploit for SQL Injection in Endonesia
Proof of Concept for CVE-2023-31753 Description: A SQL Injectio...
CVE-2023-31753
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter...
eNdonesia SQL注入漏洞
endonesia eNdonesia is an all-in-one social tool from endonesia. A security vulnerability exists in eNdonesia version 8.7, which stems from an SQL injection in diskusi.php that allows an attacker to execute arbitrary SQL commands via the rid= parameter...
Authorization
An improper authorization vulnerability exists in Rocket.Chat 6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room...
Rocket.Chat 授权问题漏洞
Rocket.Chat is an open source team chat software. A security vulnerability exists in versions prior to Rocket.Chat 6.0 that stems from improper authorization and allows an attacker to manipulate the parameter rid to change certain methods...
CVE-2023-28325
An improper authorization vulnerability exists in Rocket.Chat 6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room...
PT-2023-21650 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 6.0 Description: An improper authorization issue exists that could allow a hacker to manipulate the rid parameter and change the updateMessage method, which only checks whether the user is allowed to edit a messa...
Guest Management System SQL注入漏洞
Guest is an application product.Guest Management System is a web-based system designed to monitor the records of everyone who enters a school or college. An SQL injection vulnerability exists in SourceCodester Guest Management System. An attacker exploits the vulnerability to manipulate the...
CVE-2021-41928
SQL injection in Sourcecodester Try My Recipe Recipe Sharing Website - CMS 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the viewrecipe page...
CVE-2021-41928
SQL injection in Sourcecodester Try My Recipe Recipe Sharing Website - CMS 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the viewrecipe page...
CVE-2020-25760
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database...
PT-2020-16186
Name of the Vulnerable Software and Affected Versions Projectworlds Visitor Management System version 1.0 Description The issue allows for SQL Injection due to a lack of input validation on the rid parameter in the front.php file. This enables an attacker to append SQL queries to the input,...