190 matches found
CVE-2024-2149
CVE-2024-2149 affects CodeAstro Membership Management System 1.0, specifically the code path in settings.php where the currency parameter can be manipulated to trigger SQL injection. The vulnerability is remote (attack vector: network) with high impact on confidentiality, integrity, and availabili...
CVE-2024-2149 CodeAstro Membership Management System settings.php sql injection
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2024-25869
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...
PT-2024-21175 · Unknown · Codeastro Membership Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: An Unrestricted File Upload issue allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component. Recommendations: For CodeAstr...
CVE-2024-25344
CVE-2024-25344 relates to ITFlow.org prior to commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378, described as a Cross Site Scripting/CSRF issue affecting multiple settings components (settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, setti...
Cross-Site Scripting (XSS)
moodle/moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of sanitization in the Header and Footer parameter in settings.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Cross-site Scripting in UDX Stateless Media Plugin
A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be...
CVE-2022-4905
A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The...
CVE-2022-4905 UDX Stateless Media Plugin class-settings.php setup_wizard_interface cross site scripting
A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The...
WordPress demon image annotation cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...
CVE-2022-3464 puppyCMS settings.php cross site scripting
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument sitename leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...
CVE-2022-36202
Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control IDOR via id= parameter...
CVE-2022-36201
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
Design/Logic Flaw
Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php...
CVE-2022-36201
CVE-2022-36201 affects Doctor’s Appointment System v1.0. A blind SQL injection vulnerability exists in settings.php and is also exploitable via the id parameter in booking.php, enabling attackers to potentially access or modify data. The issue is documented with a high severity (CVSS v3.1: 9.8, c...
Doctor’s Appointment System Security Vulnerability
Doctor's Appointment System is a doctor's appointment system by Hashen Udara, an individual developer. A security vulnerability exists in Doctor's Appointment System version 1.0, which stems from an incorrect access control in its edoc/patient/settings.php that results in an interrupted access...
Company Website CMS Access Control Error Vulnerability
Company Website CMS is a company website/CMS by Torrahclef Personal Developer. Company Website CMS suffers from an Access Control Error vulnerability that stems from incorrect access control in the file site-settings.php of the component Cookie Handler. An attacker could use this vulnerability to...
CVE-2022-2702
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely...