#auth

Feng Office version 3.10.8.21 suffers from a persistent cross site scripting vulnerability.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

Seo Panel version 4.7.0 suffers from a cross site scripting vulnerability.

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.