778 matches found
MTab Bookmark Access Control Error Vulnerability
MTab Bookmark is a simple and powerful navigation site from MTab Inc. that allows you to quickly add your favorite websites to your bookmarks. An access control error vulnerability exists in MTab Bookmark version 1.2.6 and classifi...
S-CMS SQL Injection Vulnerability
S-CMS is a PHP and MySQL based Content Management System (CMS) from S-CMS China. A SQL injection vulnerability exists in S-CMS version 2.0build20220529-20231006 and earlier versions, which stems from a problem with an unknown function in member/reg.php...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/alipaynotify.php...
7-card Fakabao SQL Injection Vulnerability
7-card Fakabao is a content publishing platform. A SQL injection vulnerability, classified as critical, exists in 7-card Fakabao 1.0build20230805 and prior versions, which stems from an issue with an unknown function in shop/notify.php...
CVE-2023-6766 PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery...
Inventory Management System Access Control Error Vulnerability
Inventory Management System is an inventory management system from the individual developers of stemword. An access control error vulnerability exists in CodeAstro POS and Inventory Management System version 1.0 due to the presence of an unknown function in /accountscon/registeraccount in the...
IceCMS Access Control Error Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. An Access Control Error vulnerability exists in Thecosy IceCMS version 2.0.1, which stems from the presence of an unknown function in /adplanet/PlanetCommentList in...
IceCMS Information Disclosure Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. An information leakage vulnerability exists in IceCMS version 2.0.1, which originates from the presence of an unknown function in /adplanet/PlanetUser in the API...
Inventory Management System Cross-Site Scripting Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in CodeAstro POS and Inventory Management System version 1.0, which stems from the presence of an unknown function in /accountscon/registeraccount that lead...
Custom Login < 4.1.1 - Subscriber+ Unauthorised Action
Description: The plugin does not have proper authorisation in an unknown function, allowing any authenticated attacker, such as a subscriber, to perform an unauthorized action...
Perfmatters < 2.1.7 - Cross-Site Request Forgery
Description: The Perfmatters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...
Best Courier Management System Cross-Site Scripting Vulnerability
Best Courier Management System is a courier management system by Mayuri K., an individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from the presence of an unknown function that can lead to cross-site scripting by...
Best Courier Management System Cross-Site Scripting Vulnerability
Best Courier Management System is a courier management system by Mayuri K., an individual developer. A cross-site scripting vulnerability exists in SourceCodester Best Courier Management System version 1.0, which stems from the presence of an unknown function in the parcellist.php file in the compone...
CSZCMS License Issue Vulnerability
CSZCMS is an open source web application that allows managing all content and settings on a website. An authorization issue vulnerability exists in CSZCMS version 1.3.0, which stems from an unknown function in the file view template in the component File Manager Page, resulting in a permissions...
DiscordSailv2 Access Control Error Vulnerability
DiscordSailv2 is a rewrite of the original S.A.I.L robotics program by the individual developer Vaerys-Dawn. An Access Control Error vulnerability exists in DiscordSailv2 2.10.2 and earlier versions, which stems from the presence of an unknown function in the component Command Mention Handler,...
Pharmacy Point Of Sale System Code Issue Vulnerability
Pharmacy Point Of Sale System is a web-based application by Carlo Montero, an individual developer. It is used to help a pharmacy manage its sales transactions. A security vulnerability exists in Pharmacy Point Of Sale System version 1.0 due to the presence of an unknown function in the setting o...
Supcon InPlant SCADA Authorization Issues Vulnerability
Supcon InPlant SCADA is a SCADA program from Supcon. An authorization issue vulnerability exists in Supcon InPlant SCADA that stems from the presence of an unknown function in Project.xml, which results in improper authentication...
PT-2023-5276 · Supcon · Supcon Inplant Scada
Name of the Vulnerable Software and Affected Versions: Supcon InPlant SCADA up to 20230901. Description: A critical issue has been discovered related to improper authentication in the handling of project file loading. This could potentially allow an attacker to elevate their privileges. The issue ...
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from an unknown function in ?r=file/dashboard/trash&op=del and leads to SQL injection via the parameter fid...
SourceCodester Simple Book Catalog App SQL Injection Vulnerability
Simple Book Catalog App is a simple book catalog application by the individual developer Remy Andrade. A SQL injection vulnerability exists in SourceCodester Simple Book Catalog App version 1.0, which stems from an unknown function in the file deletebook.php that causes a SQL injection via the...