792 matches found

CNNVD
added 2024/05/20 12:00 a.m., 1 view

Event Registration System SQL Injection Vulnerability

Event Registration System is a QR-code-based event registration system by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Event Registration System version 1.0, caused by an unknown function in /registrar/ that leads to SQL injection via the...

CVSS 9.8, AI score 7.8, EPSS 0.00197
Exploits: 1, References: 5
CNNVD
added 2024/05/17 12:00 a.m., 3 views

Emlog Pro Code Issue Vulnerability

Emlog is a PHP- and MySQL-based CMS website builder by emlog, an individual developer. A code issue vulnerability exists in Emlog Pro version 2.3.4, which stems from an unknown function in the file admin/setting.php that causes unrestricted uploads...

CVSS 8.8, AI score 5.2, EPSS 0.00115
Exploits: 1, References: 5
OSV
added 2024/05/16 8:15 a.m., 2 views

CVE-2024-4966

A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.5
Exploits: 0, References: 4
CNNVD
added 2024/05/07 12:00 a.m., 1 view

Faraday GM8181 and Faraday GM828x Information Disclosure Vulnerability

The Faraday GM8181 and Faraday GM828x are both hardware devices from China-based Smartwon Technology Faraday. An information disclosure vulnerability exists in the Faraday GM8181 and GM828x, which stems from commandport.ini containing an unknown function that leads to information disclosure...

CVSS 5.3, AI score 5.1, EPSS 0.00163
Exploits: 0, References: 5
CNNVD
added 2024/04/12 12:00 a.m., 1 view

O2OA Information Disclosure Vulnerability

LanDe Network O2OA is an OA office system from LanDe Network, China. An information disclosure vulnerability exists in O2OA 20240403 and prior versions, which stems from an unknown function in the file /xportal that can lead to information disclosure...

CVSS 5.9, AI score 4.4, EPSS 0.00306
Exploits: 0, References: 5
CVE
added 2024/03/26 11:00 p.m., 53 views

CVE-2024-2927

CVE-2024-2927 affects code-projects Mobile Shop 1.0, specifically the Login Page’s Details.php. The vulnerability is a SQL injection triggered by manipulating the id parameter, with remote-exploitability and a critical impact profile per the sources. Multiple advisories (NVD, Red Hat CVE, CVE lis...

CVSS 9.8, AI score 7.5, EPSS 0.00111
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2024/03/19 12:00 a.m., 2 views

Ruijie Networks RG-NBS2009G-P Authorization Issues Vulnerability

Ruijie Networks RG-NBS2009G-P is a network security product from China's Ruijie Networks that is commonly used as an enterprise-class network border firewall. The Ruijie Networks RG-NBS2009G-P suffers from an authorization issue vulnerability that stems from the inclusion of an unknown function i...

CVSS 5.3, AI score 6.8, EPSS 0.00059
Exploits: 0, References: 5
CNNVD
added 2024/03/18 12:00 a.m., 2 views

Employee Task Management System Security Vulnerability

Employee Task Management System is an employee task management system by Carlo Montero, an individual developer. A security vulnerability exists in Employee Task Management System version 1.0, which originates from an unknown function in /edit-task.php that can be exploited by an attacker to bypass...

CVSS 9.8, AI score 6.8, EPSS 0.00045
Exploits: 0, References: 4
Vulnrichment
added 2024/03/07 10:31 p.m., 19 views

CVE-2024-2268 keerti1924 Online-Book-Store-Website unrestricted upload

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /productupdate.php?update=1. The manipulation of the argument updateimage leads to unrestricted upload. It is possible to launch the attack...

CVSS 5.8, AI score 6.8, EPSS 0.00058
Exploits: 0, References: 3
CNNVD
added 2024/03/01 12:00 a.m., 1 view

House Rental Management System Security Vulnerability

House Rental Management System is a house rental management system by Carlo Montero, an individual developer. A security vulnerability exists in House Rental Management System version 1.0, which stems from an unknown function in booking.php/owner.php/tenant.php that results in missing authentication...

CVSS 7.5, AI score 6.8, EPSS 0.00106
Exploits: 0, References: 4
CNNVD
added 2024/01/29 12:00 a.m., 2 views

PbootCMS Cross-Site Scripting Vulnerability

PbootCMS is an open source enterprise website content management system (CMS) developed in PHP by PbootCMS, an individual developer. A cross-site scripting vulnerability exists in PbootCMS version 3.2.5-20230421, which stems from the presence of an unknown function in the system that...

CVSS 6.1, AI score 6.2, EPSS 0.00055
Exploits: 1, References: 4
CNNVD
added 2024/01/25 12:00 a.m., 1 view

Qidianbang qdbcrm Cross-Site Request Forgery Vulnerability

Qidianbang qdbcrm is a customer relationship management platform. A cross-site request forgery vulnerability exists in Qidianbang qdbcrm version 1.1.0, which originates from the inclusion of an unknown function in the component Password Reset, leading to cross-site request forgery...

CVSS 8.8, AI score 6.7, EPSS 0.00296
Exploits: 1, References: 4
CNNVD
added 2024/01/11 12:00 a.m., 2 views

meetyoucrop big-whale Security Vulnerability

big-whale is a task scheduling platform open-sourced by Meiyu meetyoucrop. A security vulnerability exists in meetyoucrop big-whale version 1.1, which stems from the presence of an unknown function in /auth/user/all.api in the component Admin Module, which leads to ownership mismanagement via the...

CVSS 6.5, AI score 6.8, EPSS 0.00144
Exploits: 1, References: 4
CNNVD
added 2024/01/10 12:00 a.m., 2 views

Mandelo ssm_shiro_blog Access Control Error Vulnerability

ssm_shiro_blog is a blogging system by mandelo, an individual developer. An access control error vulnerability exists in Mandelo ssm_shiro_blog version 1.0, which stems from the presence of an unknown function in updateRoles in the component Backend, leading to incorrect access control...

CVSS 7.5, AI score 6.8, EPSS 0.00064
Exploits: 1, References: 4
CNNVD
added 2023/12/31 12:00 a.m., 2 views

MTab Bookmark Access Control Error Vulnerability

MTab Bookmark is a clean, simple and powerful navigation site from MTab Inc. that lets you quickly add your favorite websites to your bookmarks. An access control error vulnerability exists in MTab Bookmark version 1.2.6 and classifi...

CVSS 8.1, AI score 6.8, EPSS 0.00054
Exploits: 0, References: 4
CNNVD
added 2023/12/31 12:00 a.m., 3 views

S-CMS SQL Injection Vulnerability

S-CMS is a PHP- and MySQL-based content management system (CMS) from S-CMS, China. A SQL injection vulnerability exists in S-CMS version 2.0build20220529-20231006 and earlier versions, which stems from a problem with an unknown function in member/reg.php...

CVSS 8.8, AI score 7.9, EPSS 0.00045
Exploits: 0, References: 4
CNNVD
added 2023/12/31 12:00 a.m., 2 views

7-card Fakabao SQL Injection Vulnerability

7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/alipaynotify.php...

CVSS 8.8, AI score 8.1, EPSS 0.00065
Exploits: 0, References: 4
CNNVD
added 2023/12/31 12:00 a.m., 2 views

7-card Fakabao SQL Injection Vulnerability

7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/notify.php...

CVSS 8.8, AI score 8.1, EPSS 0.00018
Exploits: 0, References: 4
Vulnrichment
added 2023/12/13 5:31 p.m., 10 views

CVE-2023-6766 PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery

A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery...

CVSS 5, AI score 7.1, EPSS 0.00092
Exploits: 1, References: 3
CNNVD
added 2023/12/13 12:00 a.m., 2 views

Inventory Management System Access Control Error Vulnerability

Inventory Management System is an inventory management system from the individual developers of stemword. An access control error vulnerability exists in CodeAstro POS and Inventory Management System version 1.0 due to the presence of an unknown function in /accountscon/registeraccount in the...

CVSS 8.8, AI score 6.8, EPSS 0.0005
Exploits: 1, References: 4