23 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. • https://github.com/qingning988/cve_report/blob/main/storage-unit-rental-management-system/RCE-1.md https://www.github.com • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md https://vuldb.com/?ctiid.223552 https://vuldb.com/?id.223552 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. Se descubrió que la aplicación de almacenamiento de contraseñas Sourcecodester en PHP/OOP y MySQL 1.0 contiene múltiples vulnerabilidades de cross-site scripting (XSS) a través de los parámetros Nombre, Nombre de usuario, Descripción y Característica del sitio. • https://github.com/RashidKhanPathan/CVE-2022-43117 https://drive.google.com/file/d/1ZmAuKMVzUpL8pt5KXQJk8IyPECoVP9xw/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente add-fee.php de Password Storage Application v1.0 permite a los atacantes ejecutars scripts web o HTML arbitrarios a través de un payload manipulado inyectado en el parámetro cmddept. • https://github.com/TongJinBo/BugReport/blob/main/XssBug.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php. Se descubrió que Simple Cold Storage Management System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /bookings/update_status.php. Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/169605/Simple-Cold-Storage-Management-System-1.0-SQL-Injection.html https://github.com/HKD01l/bug_report/blob/main/vendors/oretnom23/simple-cold-storage-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •