77 matches found
Astra Linux - vulnerability in wireshark
Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or crafted capture files...
CVE-2024-41244
An Incorrect Access Control vulnerability was found in /smsa/viewclass.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details...
CVE-2023-24774
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
CVE-2023-24773
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list...
CVE-2024-57035
WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php...
CVE-2024-53472
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF)...
CVE-2024-53471
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meiopagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...
CVE-2024-51995
Combodo iTop is affected by a logic bug in ajax.render.php that allows bypassing backOffice access control by crafting arbitrary routes, unless an allowed operation is specified. The issue is resolved in version 3.2.0 by applying the same access-control pattern used in UI.php to ajax.render.php, ...
Kashipara Responsive School Management System security vulnerability
Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version v3.2.0, which originates from an SQL injection vulnerability contained in the /smsa/teacherlogin.php file...
CVE-2024-27920
The CVE covers projectdiscovery/nuclei, where unsigned code templates could be executed via workflows in Nuclei v3. Root cause: an oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...
CVE-2023-39834
CVE-2023-39834 affects PbootCMS prior to version 3.2.0. The vulnerability is a command injection via the create_function construct in PHP, with confirmed impact described across sources. Affected software: PbootCMS (PHP-based CMS); vulnerable component: create_function usage in versions before 3....
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Funadmin vulnerable to SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...
SQL injection
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...