291 matches found
PT-2024-26423 · Unknown · Campcodes Complete Online Student Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Student Management System version 1.0 Description: A vulnerability was found in the system, affecting unknown code of the file Marks view.php. The manipulation of the FirstRecord argument leads to cross-site scriptin...
CVE-2024-2283 boyiddha Automated-Mess-Management-System view.php sql injection
A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-7020
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...
CVE-2023-7020 Tongda OA 2017 view.php sql injection
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...
CVE-2023-7020
CVE-2023-7020 affects Tongda OA 2017 up to 11.9. The issue is a SQL injection caused by improper handling of the TEMP_ID parameter in general/wiki/cp/ct/view.php, enabling remote exploitation. The vulnerability’s impact is described as high, with a remote attacker potentially exploiting it after ...
CVE-2023-3119
A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. T...
Sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. T...
Cross-site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in view.php due to lack of sanitization in the container name parameter which allows an attacker to inject and execute malicious JavaScript...
Remote File Inclusion
cakephp/cakephp is vulnerable to Remote File Inclusion. The vulnerability is due to the getViewFileName function in View.php which allows an attacker to execute arbitrary scripts outside the view path by manipulating view template filenames...
Cross site scripting
A vulnerability has been found in stiiv contactapp and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named...
CVE-2022-4421
A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image URL Handler. The manipulation of the argument sslink leads to cross site scripting. It is possibl...
Moodle does not enforce the forceloginforprofiles setting
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search...
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2)...
Scripteen Image Upload Shell Upload
Exploit Title : Scripteen Image Upload Script Arbitrary File Injection + Vendor Home Page : https://scripteen.com/ + Author : z3r0fy + Twitter : z3r0fy + Website : www.bugcontainer.gq + CX Security Link : https://cxsecurity.com/issue/WLB-2019100145 + Description : Due to these codes in the...
Cross site scripting
Reflected XSS exists in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter...
CVE-2019-16862
Reflected XSS in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter...
CVE-2019-17409
Reflected XSS exists in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter...
kenwatches.com XSS vulnerability
Open Bug Bounty ID: OBB-613656. Affected Website: kenwatches.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Title: Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avatar_uploader Vendor:...