792 matches found
CVE-2024-6679
CVE-2024-6679 affects witmy my-springsecurity-plus (up to 2024-07-04). The flaw exists in the /api/role endpoint where manipulating the argument params.dataScope enables SQL injection. It can be exploited remotely and the vulnerability has been publicly disclosed. Multiple sources (NVD, CVE List,...
CVE-2024-6679 witmy my-springsecurity-plus role sql injection
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-6440 SourceCodester Home Owners Collection Management System sql injection
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=deletecategory. The manipulation of the argument id leads to sql injection. It is possible to launch the...
PT-2024-37573 · Labvantage · Labvantage Lims
Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017. Description: A problematic vulnerability has been found in the software. The issue affects an unknown function of the file /labvantage/rc?command=page&sdcid=LV ReagentLot of the component POST Request Handler. The...
CVE-2024-6183 EZ-Suite EZ-Partner Forgot Password cross site scripting
A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to...
Online Book Store SQL Injection Vulnerability
Online Book Store is an online bookstore by Arvin Arandilla, an individual developer. A SQL injection vulnerability exists in itsourcecode Online Book Store version 1.0, which stems from editbook.php containing an unknown function that causes SQL injection via the parameter image...
Payroll Management System SQL Injection Vulnerability
Payroll Management System is a payroll management system by Carlo Montero, an individual developer. itsourcecode Payroll Management System version 1.0 suffers from a SQL injection vulnerability that originates from the inclusion of an unknown function in payrollitems.php, which leads to SQL injection v...
House Rental System SQL Injection Vulnerability
House Rental System is a house rental management system that allows you to add, modify and delete property information, and to place reservations. A SQL injection vulnerability exists in Online House Rental System version 1.0. The vulnerability stems from the fact that manageuser.php contains an...
Employee and Visitor Gate Pass Logging System Cross-Site Scripting Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system developed by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Employee and Visitor Gate Pass Logging System version 1.0, which originates from an unknown function in...
Online Discussion Forum Code Issues Vulnerabilities
Online Discussion Forum is a forum website. A code issue exists in version 1.0 of Online Discussion Forum, which originates from /members/poster.php containing an unknown function that causes unrestricted uploads via the parameter image...
Bakery Online Ordering System Code Issue Vulnerability
Bakery Online Ordering System is a bakery online ordering system by janobe, an individual developer. A code issue vulnerability exists in Bakery Online Ordering System version 1.0, which stems from /admin/modules/product/controller.php containing an unknown function that causes unrestricted uploads v...
CVE-2024-5390
A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-5374 Kashipara College Management System submit_new_faculty.php cross site scripting
A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The...
College Management System Cross-Site Scripting Vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to college. A cross-site scripting vulnerability exists in Kashipara College Management System version 1.0, which stems from the...
CVE-2024-5120 SourceCodester Event Registration System sql injection
A vulnerability was found in SourceCodester Event Registration System 1.0. It has been classified as critical. Affected is an unknown function of the file /registrar/?page=registration. The manipulation of the argument e leads to sql injection. It is possible to launch the attack remotely. The...
Event Registration System SQL Injection Vulnerability
Event Registration System is a QR code-based event registration system by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from the presence of an unknown function in /registrar/ that causes SQL injection via the...
Directory Management System SQL Injection Vulnerability
Directory Management System is a directory management system by the individual developer Anuj Kumar. A SQL injection vulnerability exists in Directory Management System version 1.0, which originates from an unknown function in /admin/index.php that causes SQL injection via the parameter username...
Event Registration System Cross-Site Scripting Vulnerability
Event Registration System is a QR code-based event registration system by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Event Registration System version 1.0, which originates from an unknown function in /registrar/ that leads to cross-site scripting via the...
Directory Management System Cross-Site Scripting Vulnerability
Directory Management System is a directory management system by the individual developer Anuj Kumar. A cross-site scripting vulnerability exists in Directory Management System version 1.0, which stems from an unknown function in /admin/admin-profile.php that results in cross-site scripting...