1393 matches found
Badminton Center Management System SQL注入漏洞(CNVD-2022-44728)
Badminton Center Management System is a badminton center management system from Carlo Montero's personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records. version v1.0 of Badminton Center Management System is vulnerable t...
ACEware Systems ACEweb Online Portal 跨站脚本漏洞
ACEware Systems ACEweb Online Portal is a component of the Student Manager solution from ACEware Systems, Inc. A cross-site scripting vulnerability exists in ACEware Systems ACEweb Online Portal version 3.5.065, which originates in person. The txtNmName1 parameter in awp lacks a validation filter...
Rescue Dispatch Management System SQL注入漏洞
Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system v1.0 is vulnerable to SQL injection, which originates from rdms/admin/ respondenttypes/viewrespondenttype.php?id=The page lacks validation for extern...
Online Car Wash Booking System SQL注入漏洞
Online Car Wash Booking System is an online car wash booking system from Carlo Montero's personal developer. version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from /ocwbs/admin/?page=bookings /viewdetails&id=page lacks validation of external input SQL...
Online Car Wash Booking System SQL注入漏洞
Online Car Wash Booking System is an online car wash booking system from Carlo Montero's personal developer. version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which originates from /ocwbs/classes/Master.php?f =deletevehicle page lacks validation for external input SQL...
Wedding Management System SQL注入漏洞
Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. v1.0 of Wedding Management System is vulnerable to SQL injection, which originates from the admin/photosedit.php page's lack of validation of external An attacker can use this...
Complete Online Job Search System SQL注入漏洞
Complete Online Job Search System is an online job search system. complete Online Job Search System is vulnerable to SQL injection, which originates from eris/admin/category/index.php?view=edit & id=page missing validation of external input SQL statements. An attacker could use this vulnerability...
Online Car Wash Booking System SQL注入漏洞
Online Car Wash Booking System is an online car wash booking system from Carlo Montero's personal developer. service.php?id=The page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
GHSA-8MX3-GP3P-VGG7 kevinsawicki/http-request Missing certificate validation
OSS Http Request kevinsawicki/http-request is missing SSL/TLS certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
ChatBot Application with a Suggestion Feature SQL注入漏洞
ChatBot Application with a Suggestion FeatureA ChatBot application with a suggestion feature. chatBot Application with a Suggestion Feature v1.0 is vulnerable to a SQL injection vulnerability in /simple chatbot/classes/Master.php?f=deleteresponse, id is missing validation for external input SQL...
Popcorn Time 跨站脚本漏洞
Popcorn Time is a multi-platform BitTorrent client. version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...
Online Sports Complex Booking System SQL注入漏洞
Online Sports Complex Booking System is an online stadium booking system from Carlo Montero's personal developer. Online Sports Complex Booking System is vulnerable to a cross-site scripting vulnerability that originates in /scbs/classes/Users. php?f=saveclient lacks a validation filter for...
ToolJet 跨站脚本漏洞
A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...
GNUBOARD5 跨站脚本漏洞
GNUBOARD5 is a PHP and MySQL-based Web forum system. GNUBOARD5 versions 5.55 and 5.56 are vulnerable to a cross-site scripting vulnerability, which originates in bbs/memberconfirm.php and lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerabilit...
Online Sports Complex Booking System SQL注入漏洞
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. Online Sports Complex Booking System version 1.0 is vulnerable to a SQL injection vulnerability that originates in scbs/classes/ Master.php?f=deletefacility, the id parameter of the po...
Online Sports Complex Booking System SQL注入漏洞
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, a personal developer. page=facilities/managefacility&id= lacks validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data...
mod_auth_openidc: open redirect due to target_link_uri parameter not validated
A open redirect flaw was found in modauthopenidc where it does not sanitize targetlinkuri paramater properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially...
Jfinal CMS SQL Injection Vulnerability
Jfinal CMS is a java development information consulting website. jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...
nopCommerce 跨站脚本漏洞
nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...
IBM Planning Analytics 代码问题漏洞
IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. Planning Analytics Workspace is the Web management interface for IBM Planning Analytics. IBM Planning Analytics Workspace version 2.0 contains a file upload vulnerability that stems from a failure to Validat...