779 matches found
CVE-2024-9032
A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has...
WCMS Path Traversal Vulnerability
WCMS is a content management system (CMS) from the individual developers at Vedegis. A path traversal vulnerability exists in WCMS version 0.3.2 and earlier, which stems from an unknown function in the /wex/finder.php file that improperly handles the parameter p, resulting in path traversal...
CVE-2024-8173
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file /login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2024-7853 SourceCodester Yoga Class Registration System sql injection
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/viewcategory. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...
CVE-2024-7853
CVE-2024-7853 affects SourceCodester Yoga Class Registration System (up to v1.0). The vulnerability is an SQL injection in the file /admin/?page=categories/view_category, triggered by manipulating the id parameter. It can be exploited remotely, and public disclosure of the exploit is noted. The c...
CVE-2024-7808
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2024-6679
CVE-2024-6679 affects witmy my-springsecurity-plus (up to 2024-07-04). The flaw exists in the /api/role endpoint where manipulating the argument params.dataScope enables SQL injection. It can be exploited remotely and the vulnerability has been publicly disclosed. Multiple sources (NVD, CVE List,...
CVE-2024-6679 witmy my-springsecurity-plus role sql injection
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-6440 SourceCodester Home Owners Collection Management System sql injection
A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=deletecategory. The manipulation of the argument id leads to sql injection. It is possible to launch the...
PT-2024-37573 · Labvantage · Labvantage Lims
Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017. Description: A problematic vulnerability has been found in the software. The issue affects an unknown function of the file /labvantage/rc?command=page&sdcid=LV ReagentLot of the component POST Request Handler. The...
CVE-2024-6183 EZ-Suite EZ-Partner Forgot Password cross site scripting
A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Handler. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-269154 is the identifier assigned to...
Online Book Store SQL Injection Vulnerability
Online Book Store is an online bookstore by Arvin Arandilla, an individual developer. A SQL injection vulnerability exists in itsourcecode Online Book Store version 1.0, which stems from editbook.php containing an unknown function that causes SQL injection via the parameter image...
Payroll Management System SQL Injection Vulnerability
Payroll Management System is a payroll management system by Carlo Montero, an individual developer. itsourcecode Payroll Management System version 1.0 suffers from a SQL injection vulnerability that originates from the inclusion of an unknown function in payrollitems.php, which leads to SQL injection v...
House Rental System SQL Injection Vulnerability
House Rental System is a house rental management system that allows you to add, modify and delete property information, and to place reservations. A SQL injection vulnerability exists in Online House Rental System version 1.0. The vulnerability stems from the fact that manageuser.php contains an...
Employee and Visitor Gate Pass Logging System Cross-Site Scripting Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system developed by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Employee and Visitor Gate Pass Logging System version 1.0, which originates from an unknown function in...
Online Discussion Forum Code Issues Vulnerabilities
Online Discussion Forum is a forum website. A code issue exists in version 1.0 of Online Discussion Forum, which originates from /members/poster.php containing an unknown function that causes unrestricted uploads via the parameter image...
Bakery Online Ordering System Code Issue Vulnerability
Bakery Online Ordering System is a bakery online ordering system by janobe, an individual developer. A code issue vulnerability exists in Bakery Online Ordering System version 1.0, which stems from /admin/modules/product/controller.php containing an unknown function that causes unrestricted uploads v...
CVE-2024-5390
A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack remotely. The exploi...
CVE-2024-5374 Kashipara College Management System submit_new_faculty.php cross site scripting
A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The...