134 matches found
Sql injection
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database...
Sql injection
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45118
CVE-2023-45118 affects Online Examination System v1.0, where the fdid parameter in /update.php is not validated and is sent unfiltered to the database, enabling multiple authenticated SQL injection vulnerabilities (impact described as High, CVSS 3.1). The issue stems from unsanitized input in the...
PT-2023-29419 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the qid parameter of the "/update.php?q=quiz&step=2" resource does not validate the characters received,...
PT-2023-29421 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'name' parameter of the "update.php" resource does not validate the characters received, and they are sent...
PT-2023-29416 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the eid parameter of the "/update.php?q=rmquiz" resource does not validate the characters received, and...
PT-2023-29415 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the demail parameter of the "/update.php" resource does not validate the characters received, and they a...
PT-2023-29420 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the "/update.php?q=addquiz" resource does not validate the characters received, and they are...
PT-2023-31448 · Unknown · Hotel Booking Management
Name of the Vulnerable Software and Affected Versions: Hotel Booking Management version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "update.php" endpoint. Recommendations: For Hotel Booking Management...
Sql injection
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...
CVE-2023-6417 SQL injection in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...
CVE-2023-6417 SQL injection in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all th...
CVE-2023-4869
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been...
Cross site request forgery (csrf)
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been...
CVE-2023-4869
CVE-2023-4869 affects SourceCodester Contact Manager App 1.0. The root cause is a cross-site request forgery vulnerability in the update.php file, enabling CSRF exploitation remotely. Public disclosures and multiple sources (NVD, Red Hat advisory, CVE records, and third‑party databases) consisten...
CVE-2023-4869 SourceCodester Contact Manager App update.php cross-site request forgery
A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been...
CVE-2023-25432
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer0/admins/assessments/course/course-update.php...
CVE-2015-10031
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is...
Sql injection
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is...
CVE-2015-10031 purpleparrots 491-Project Highscore update.php sql injection
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is...