
Tag

#php

CVE-2023-27213: CVE/sql in search.php.md at main · xiumulty/CVE

Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.

CVE-2023-27212: CVE/xss in signup.php.md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

CVE-2023-27211: CVE/xss in navbar.php .md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

CVE-2023-27210: CVE/sql in view_order.php.md at main · xiumulty/CVE

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.

CVE-2023-27208: CVE/xss in login.php.md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

CVE-2023-27207: CVE/sql in manage_user.php .md at main · xiumulty/CVE

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

CVE-2023-27206: Best pos management system in php

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

CVE-2023-26957: Background arbitrary folder deletion vulnerability · Issue #3 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.

CVE-2023-1294: bug_report/SQLi-1.md at main · godownio/bug_report

A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648.

CVE-2023-1291: vul-test/sts-2.md at main · Mart1nD0t/vul-test

A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.