229 matches found
PT-2025-21824 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101 Description: A critical issue affects the function CloudACMunualUpdateUserdata of the file "/cgi-bin/cstecgi.cgi". The manipulation of the url argument leads to command injection. This issue can be...
CVE-2025-2323 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to...
CVE-2024-41140
CVE-2024-41140 affects Zohocorp ManageEngine Applications Manager versions 174000 and prior, with an incorrect authorization in the update user function. Public documentation from NVD and Red Hat confirms impact to confidentiality and integrity (high), with network attack vector, low attack compl...
PT-2025-2604 · Zohocorp · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Applications Manager versions 174000 and prior Description: The issue is related to incorrect authorization in the update user function. This allows for potential unauthorized access or modifications. The estimated numbe...
CVE-2024-13192
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...
PT-2025-2050 · Unknown · Zerowdd Myblog
Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0 Description: A problem has been detected in the update function of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. This issue leads to cross site scripting attacks, which can be launched...
CVE-2024-12980
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function flnupdate of the file /parse/alledits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2024-12966
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cnupdate of the file /parse/alledits.php. The manipulation of the argument cname/url leads to sql injection. The attack may be initiated remotely. The exploit has been...
Code-Projects Job Recruitment Injection Vulnerability
Code-Projects Job Recruitment is an open-source job portal from Code-Projects. Code-Projects Job Recruitment version 1.0 suffers from an injection vulnerability that originates from the parameter fname/lname in the flnupdate function of the file /parse/alledits.php and can lead to SQL injection...
PT-2024-9925 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue affects the cnupdate function of the file /parse/alledits.php. The manipulation of the cname and url arguments leads to SQL injection. The attack may be initiated...
PT-2024-9923 · Unknown · Job Recruitment
Name of the Vulnerable Software and Affected Versions: Job Recruitment version 1.0 Description: A critical vulnerability has been found in the function flnupdate of the file /parse/alledits.php. The issue is related to the lack of neutralization of special elements when processing the...
PT-2024-17517 · Orbisius · Orbisius-Child-Theme-Creator
Name of the Vulnerable Software and Affected Versions: Child Theme Creator by Orbisius plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to unauthorized modification of data due to a missing capability check on the cloud delete and cloud update functions...
CVE-2024-12350
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
PT-2024-17560 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 1.0 Description: The issue is related to incorrect code generation management in the Template Handler component of the JFinalCMS system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The...
CVE-2024-50801
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/collections.php. The vulnerability is exploitable via the id parameter...
CVE-2024-50802
A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update function in publichtml/admin/controller/responses/listinggrid/emailtemplates.php. The vulnerability is exploitable via the id parameter...
PT-2024-34412 · Unknown · Abantecart
Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0 Description: A SQL Injection issue was discovered in the update function within the public html/admin/controller/responses/listing grid/collections.php file. The issue is exploitable via the id parameter...