4 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Online Notice Board System v1.0 es afectado por una vulnerabilidad de carga de archivos insegura en el parámetro 'f' de la página user/update_profile_pic.php, lo que permite a un atacante autenticado obtener la ejecución remota de código en el servidor que aloja la aplicación. • https://fluidattacks.com/advisories/arrau https://www.kashipara.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'dd' del recurso user/update_profile.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'e' del recurso login.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. Online Notice Board System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'dd' del recurso registration.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/perahia https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •