15 matches found
CVE-2022-37140
PayMoney 3.3 is vulnerable to client-side remote code execution (RCE). The vulnerability exists in the reply ticket function, through upload of a malicious file. A calculator will open when the victim who downloaded the file opens the RTF file...
EUVD-2025-198426
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
SourceCodester Train Station Ticketing System SQL injection vulnerability
SourceCodester Train Station Ticketing System is an open-source train station ticketing system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Train Station Ticketing System version 1.0, which stems from an incorrect operation of the function saveticket in the file /ajax.php...
EUVD-2023-28667
Malicious code in bioql PyPI...
EUVD-2023-28663
Malicious code in bioql PyPI...
CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function...
CVE-2023-24652
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function...
CVE-2023-24656
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function...
CVE-2023-26982
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function...
CVE-2023-24652
CVE-2023-24652 affects Simple Customer Relationship Management System v1.0. The issue is a SQL injection vulnerability in the Description parameter of the Create ticket function, potentially allowing unauthorized data access/modification. According to the cited metrics, impact is High (C, I, A = ...
CVE-2023-24656
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function...
PT-2023-19725 · Unknown · Simple Customer Relationship Management System
Name of the Vulnerable Software and Affected Versions: Simple Customer Relationship Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the Description parameter under the Create ticket function. Recommendations...
CVE-2023-24652
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function...
Cross site scripting
PayMoney 3.3 is vulnerable to stored cross-site scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload into the "Message" field ("description" parameter). The XSS will then prompt after that or can be accessed from the vi...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticketfunction.php, reachable through ticketsubmit.php and index.php; (c) the which parameter to...