792 matches found
IceCMS Access Control Error Vulnerability
IceCMS is a content management system with a separate front end and back end, built on Spring Boot and Vue by the individual developer NgShow. An Access Control Error vulnerability exists in Thecosy IceCMS version 2.0.1, which stems from the presence of an unknown function in /adplanet/PlanetCommentList in...
IceCMS Information Disclosure Vulnerability
IceCMS is a content management system with a separate front end and back end, built on Spring Boot and Vue by the individual developer NgShow. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system by the individual developer stemword. A cross-site scripting vulnerability exists in CodeAstro POS and Inventory Management System version 1.0, which stems from the presence of an unknown function in /accountscon/registeraccount that lead...
Custom Login < 4.1.1 - Subscriber+ Unauthorised Action
Description The plugin does not have proper authorisation in an unknown function, allowing any authenticated attackers, such as subscribers, to perform an unauthorized action...
Perfmatters < 2.1.7 - Cross-Site Request Forgery
Description The Perfmatters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...
Best Courier Management System Cross-Site Scripting Vulnerability
Best Courier Management System is a courier management system by Mayuri K., an individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from the presence of an unknown function that can lead to cross-site scripting by...
Best Courier Management System Cross-Site Scripting Vulnerability
Best Courier Management System is a courier management system by Mayuri K., an individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from the presence of an unknown function in the parcellist.php file in the compone...
CSZCMS License Issue Vulnerability
CSZCMS is an open source web application that allows managing all content and settings on a website. An authorization issue vulnerability exists in CSZCMS version 1.3.0, which stems from an unknown function in the file view template in the component File Manager Page, resulting in a permissions...
DiscordSailv2 Access Control Error Vulnerability
DiscordSailv2 is a rewrite of the original S.A.I.L robotics program by the individual developer Vaerys-Dawn. An Access Control Error vulnerability exists in DiscordSailv2 2.10.2 and earlier versions, which stems from the presence of an unknown function in the component Command Mention Handler,...
Pharmacy Point Of Sale System Code Issue Vulnerability
Pharmacy Point Of Sale System is a web-based application by Carlo Montero, an individual developer. It is used to help a pharmacy manage its sales transactions. A security vulnerability exists in Pharmacy Point Of Sale System version 1.0 due to the presence of an unknown function in the setting o...
PT-2023-5276 · Supcon · Supcon Inplant Scada
Name of the Vulnerable Software and Affected Versions: Supcon InPlant SCADA up to 20230901 Description: A critical issue has been discovered related to improper authentication in the handling of project file loading. This could potentially allow an attacker to elevate their privileges. The issue ...
Supcon InPlant SCADA Authorization Issues Vulnerability
Supcon InPlant SCADA is a SCADA program from Supcon. An authorization issue vulnerability exists in Supcon InPlant SCADA that stems from the presence of an unknown function in Project.xml, which results in improper authentication...
SourceCodester Simple Book Catalog App SQL Injection Vulnerability
Simple Book Catalog App is a simple book catalog application by the individual developer Remy Andrade. A SQL injection vulnerability exists in SourceCodester Simple Book Catalog App version 1.0, which stems from an unknown function in the file deletebook.php that causes SQL injection via the...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from an unknown function in ?r=file/dashboard/trash&op=del, which leads to SQL injection via the parameter fid...
CVE-2023-4437
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/searchsellpaymenreport.php. The manipulation of the argument customer leads to SQL injection. It is possible to launch the attack...
PT-2023-26526 · Unknown · Phpscriptpoint Insurance
Name of the Vulnerable Software and Affected Versions: phpscriptpoint Insurance version 1.2 Description: A vulnerability was found in the software, classified as problematic. It affects an unknown function of the file /page.php, leading to cross-site scripting. The manipulation can be launched...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from the presence of an unknown function in the file /?r=recruit/resume/edit&op=status in the component Interview Handler, which leads to SQL injection via the...
DedeBIZ Cross-Site Scripting Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which originates from the presence of an unknown function in the file /admin/syssqlquery.php, resulting in cross-site scripting...
CVE-2023-3806
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btnfunctions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
Hospital Management System SQL Injection Vulnerability
The Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System version 1.0, which stems from the presence of an unknown functi...