Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-27207: CVE/sql in manage_user.php .md at main · xiumulty/CVE

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

CVE
Open in Source
#sql#vulnerability#git#php
CVE-2023-27206: Best pos management system in php

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

CVE-2023-27213: CVE/sql in search.php.md at main · xiumulty/CVE

Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.

CVE-2023-27212: CVE/xss in signup.php.md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

CVE-2023-27214: CVE/sql in between-date-reprtsdetails.php.md at main · xiumulty/CVE

Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.

CVE-2023-27208: CVE/xss in login.php.md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.

CVE-2023-27211: CVE/xss in navbar.php .md at main · xiumulty/CVE

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.

CVE-2023-27210: CVE/sql in view_order.php.md at main · xiumulty/CVE

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.

CVE-2023-1294: bug_report/SQLi-1.md at main · godownio/bug_report

A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648.

CVE-2023-1293

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647.