Lucene search

1393 matches found

CNVD
added 2022/06/09 12:0 a.m., 10 views

Badminton Center Management System SQL Injection Vulnerability (CNVD-2022-44728)

Badminton Center Management System is a badminton center management system by Carlo Montero, a personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records. Version v1.0 of Badminton Center Management System is vulnerable t...

CVSS 7.2, AI score 4.1, EPSS 0.00958
Exploits 1, References 1
CNNVD
added 2022/06/02 12:0 a.m., 3 views

ACEware Systems ACEweb Online Portal Cross-Site Scripting Vulnerability

ACEware Systems ACEweb Online Portal is a component of the Student Manager solution from ACEware Systems, Inc. A cross-site scripting vulnerability exists in ACEware Systems ACEweb Online Portal version 3.5.065, which originates in person. The txtNmName1 parameter in awp lacks a validation filter...

CVSS 6.1, AI score 5.6, EPSS 0.00742
Exploits 0, References 4
CNNVD
added 2022/06/02 12:0 a.m., 2 views

Rescue Dispatch Management System SQL Injection Vulnerability

Rescue Dispatch Management System is a rescue dispatch management system by Carlo Montero, a personal developer. Rescue Dispatch Management System v1.0 is vulnerable to SQL injection, which originates from rdms/admin/respondenttypes/viewrespondenttype.php?id=, a page that lacks validation for extern...

CVSS 9.8, AI score 6, EPSS 0.01081
Exploits 1, References 2
CNNVD
added 2022/06/02 12:0 a.m., 5 views

Online Car Wash Booking System SQL Injection Vulnerability

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from /ocwbs/admin/?page=bookings/viewdetails&id=, a page that lacks validation of external input SQL...

CVSS 9.8, AI score 5.9, EPSS 0.01067
Exploits 1, References 2
CNNVD
added 2022/06/02 12:0 a.m., 3 views

Online Car Wash Booking System SQL Injection Vulnerability

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from /ocwbs/classes/Master.php?f=deletevehicle, a page that lacks validation for external input SQL...

CVSS 9.8, AI score 5.9, EPSS 0.01081
Exploits 1, References 2
CNNVD
added 2022/06/02 12:0 a.m., 4 views

Wedding Management System SQL Injection Vulnerability

Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. Version v1.0 of Wedding Management System is vulnerable to SQL injection, which originates from the admin/photosedit.php page's lack of validation of external An attacker can use this...

CVSS 7.2, AI score 6.1, EPSS 0.00958
Exploits 1, References 2
CNNVD
added 2022/06/02 12:0 a.m., 6 views

Complete Online Job Search System SQL Injection Vulnerability

Complete Online Job Search System is an online job search system. Complete Online Job Search System is vulnerable to SQL injection, which originates from eris/admin/category/index.php?view=edit&id=, a page missing validation of external input SQL statements. An attacker could use this vulnerability...

CVSS 7.2, AI score 6, EPSS 0.01321
Exploits 1, References 2
CNNVD
added 2022/06/02 12:0 a.m., 4 views

Online Car Wash Booking System SQL Injection Vulnerability

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. service.php?id=: the page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8, AI score 6, EPSS 0.01081
Exploits 1, References 2
OSV
added 2022/05/24 10:0 p.m., 2 views

GHSA-8MX3-GP3P-VGG7 kevinsawicki/http-request Missing certificate validation

OSS Http Request kevinsawicki/http-request is missing SSL/TLS certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...

CVSS 5.9, AI score 5.8, EPSS 0.0057
Exploits 0, References 2
CNNVD
added 2022/05/24 12:0 a.m., 4 views

ChatBot Application with a Suggestion Feature SQL Injection Vulnerability

ChatBot Application with a Suggestion Feature is a ChatBot application with a suggestion feature. ChatBot Application with a Suggestion Feature v1.0 is vulnerable to a SQL injection vulnerability in /simple chatbot/classes/Master.php?f=deleteresponse, where id is missing validation for external input SQL...

CVSS 8.8, AI score 6.1, EPSS 0.00921
Exploits 1, References 2
CNNVD
added 2022/05/20 12:0 a.m., 3 views

Popcorn Time Cross-Site Scripting Vulnerability

Popcorn Time is a multi-platform BitTorrent client. Version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the settings page's Movies API Servers field, which lacks data validation filtering for user-supplied data and output. An attacker could exploit the...

CVSS 5.4, AI score 5.2, EPSS 0.0053
Exploits 1, References 4
CNNVD
added 2022/05/19 12:0 a.m., 3 views

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Online Sports Complex Booking System is vulnerable to a cross-site scripting vulnerability that originates in /scbs/classes/Users.php?f=saveclient, which lacks a validation filter for...

CVSS 6.1, AI score 6.2, EPSS 0.00791
Exploits 1, References 3
CNNVD
added 2022/05/18 12:0 a.m., 4 views

ToolJet Cross-Site Scripting Vulnerability

A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...

CVSS 5.4, AI score 5.7, EPSS 0.00576
Exploits 1, References 3
CNNVD
added 2022/05/16 12:0 a.m., 5 views

GNUBOARD5 Cross-Site Scripting Vulnerability

GNUBOARD5 is a PHP and MySQL-based Web forum system. GNUBOARD5 versions 5.55 and 5.56 are vulnerable to a cross-site scripting vulnerability, which originates in bbs/memberconfirm.php and lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerabilit...

CVSS 6.1, AI score 6.3, EPSS 0.0067
Exploits 1, References 2
CNNVD
added 2022/05/12 12:0 a.m., 5 views

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in scbs/classes/Master.php?f=deletefacility, the id parameter of the po...

CVSS 9.8, AI score 8.7, EPSS 0.01068
Exploits 1, References 2
CNNVD
added 2022/05/12 12:0 a.m., 2 views

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. page=facilities/managefacility&id= lacks validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8, AI score 8.7, EPSS 0.01068
Exploits 1, References 2
RedHat Linux
added 2022/05/10 1:36 p.m., 3 views

mod_auth_openidc: open redirect due to target_link_uri parameter not validated

An open redirect flaw was found in mod_auth_openidc where it does not sanitize the target_link_uri parameter properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially...

CVSS 6.1, AI score 5.8, EPSS 0.0175
Exploits 1, References 5
CNVD
added 2022/05/08 12:0 a.m., 23 views

Jfinal CMS SQL Injection Vulnerability

Jfinal CMS is a Java development information consulting website. Jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...

CVSS 6.5, AI score 4.9, EPSS 0.00915
Exploits 1, Affected Software 1
CNNVD
added 2022/04/26 12:0 a.m., 8 views

nopCommerce Cross-Site Scripting Vulnerability

nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...

CVSS 5.4, AI score 5.6, EPSS 0.00681
Exploits 1, References 3
CNNVD
added 2022/04/25 12:0 a.m., 3 views

IBM Planning Analytics Code Issue Vulnerability

IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. Planning Analytics Workspace is the Web management interface for IBM Planning Analytics. IBM Planning Analytics Workspace version 2.0 contains a file upload vulnerability that stems from a failure to Validat...

CVSS 8, AI score 5.8, EPSS 0.00725
Exploits 0, References 4