Page 112 of 5095 results (0.032 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. • https://github.com/xuanluansec/vul/blob/main/vul/1/README.md https://github.com/xuanluansec/vul/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php. • https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md https://github.com/xuanluansec/vul/issues/3#issue-2243633522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. • https://github.com/ally-petitt/CVE-2023-45503 https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

This may lead to local privilege escalation. • https://github.com/netdata/netdata/pull/17377 https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93 • CWE-426: Untrusted Search Path •

CVSS: 0EPSS: 0%CPEs: -EXPL: 1

An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Program.exe component. Una vulnerabilidad de ruta de servicio sin comillas en Terratec DMX_6Fire USB v.1.23.0.02 permite a un atacante local escalar privilegios a través del componente Program.exe. • https://www.exploit-db.com/exploits/51977 https://medium.com/%40kobbycyber/terratec-dmx-6fire-usb-unquoted-service-path-cve-2024-31804-70cced459202 https://www.ired.team/offensive-security/privilege-escalation/unquoted-service-paths • CWE-428: Unquoted Search Path or Element •