#auth

PHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.

PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

PHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.

SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data.