CVE-2024-5116 SourceCodester Online Examination System save.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched remotely. The...

CVE-2024-29515

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component...

CVE-2024-29515

The CVE is for LeptonCMS v7.1.0 (Lepton) and describes a File Upload vulnerability that enables a remote authenticated attacker to execute arbitrary PHP code by uploading crafted files to the save.php and config.php components. The root cause, as reflected across multiple sources, is improper han...

LeptonCMS 安全漏洞

LeptonCMS is a content management system CMS from the Lepton Project. A security vulnerability exists in LeptonCMS version v.7.1.0. A remote attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted PHP files to the save.php and config.php components...

VvvebJs Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php...

VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability

A reflected Cross-Site Scripting XSS vulnerability in VvvebJs before version 1.7.5 allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php...

CVE-2024-29271

Reflected Cross-Site Scripting XSS vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php...

CVE-2024-29271

Reflected Cross-Site Scripting XSS vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php...

CVE-2024-29271

Reflected Cross-Site Scripting XSS vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php...

CVE-2024-29271

Reflected Cross-Site Scripting XSS vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php...

VvvebJs 安全漏洞

VvvebJs is a drag-and-drop website generator for Givan Personal Developers. A security vulnerability exists in VvvebJs prior to version 1.7.7, which stems from an arbitrary file upload vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code and obtain sensitive...

PT-2024-22844 · Vvvebjs · Vvvebjs

Name of the Vulnerable Software and Affected Versions: VvvebJs versions prior to 1.7.5 Description: The issue allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in the "save.php" file. This enables remote attacks,...

WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2022-68523)

WBCE CMS is an open source content management system CMS based on PHP and MySQL. version 1.5.2 of WBCE CMS contains a cross-site scripting vulnerability that can be exploited by attackers to conduct cross-site scripting XSS attacks via /admin/users/save.php...

CVE-2022-30073

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting XSS via /admin/users/save.php...

CVE-2022-30073

WBCE CMS 1.5.2 contains a stored Cross‑Site Scripting (XSS) vulnerability in the Display Name parameter of /admin\Users\save.php. The Nuclei template confirms the flaw as stored XSS with practical impact information: injection of malicious scripts into pages viewed by other users, potentially ena...

CVE-2022-28035

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminajaxblur-save.php...

Cross site scripting

A Cross Site Scripting XSS exists in ZZZCMS V1.7.1 via an editfile action in save.php...

Cross site request forgery (csrf)

A Cross Site Request Forgery CSRF vulnerability exits in ZZZCMS V1.7.1 via the saveuser funciton in save.php...

CVE-2021-25877

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php...

CVE-2021-25877

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php...