CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28000
https://notcve.org/view.php?id=CVE-2021-28000
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. Se ha detectado una vulnerabilidad de tipo cross-site scripting persistente en Local Services Search Engine Management System Project versión 1.0, que permite a atacantes remotos ejecutar código arbitrario por medio de cargas útiles diseñadas que se introducen en los campos Name y Address. • https://tusharvaidya16.medium.com/local-services-search-engine-management-system-project-lssmes-1-0-af2cae7cbbf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27999
https://notcve.org/view.php?id=CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database. Se ha detectado una vulnerabilidad de inyección SQL en el parámetro editid en Local Services Search Engine Management System Project versión 1.0. Esta vulnerabilidad da a usuarios administradores la habilidad de volcar todos los datos de la base de datos. • https://medium.com/%40tusharvaidya16/authenticated-blind-error-based-sql-injection-on-local-services-search-engine-management-system-3e99779f0850 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2021-3278 – Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-3278
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection . Using this vulnerability, an attacker can bypass the login page. Local Service Search Engine Management System versión 1.0, presenta una vulnerabilidad debido a una omisión de autenticación usando una inyección SQL. Con esta vulnerabilidad, un atacante puede omitir la página de inicio de sesión Local Service Search Engine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. • https://www.exploit-db.com/exploits/49163 http://packetstormsecurity.com/files/162919/Local-Service-Search-Engine-Management-System-1.0-SQL-Injection.html https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4225
https://notcve.org/view.php?id=CVE-2013-4225
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. El módulo RESTful Web Services (restws) versiones 7.x-1.x anteriores a 7.x-1.4 y versiones 7.x-2.x anteriores a 7.x-2.1 para Drupal, no restringe apropiadamente el acceso a las operaciones de escritura de entidades, lo que facilita a usuarios autenticados remotos con los permisos de "access resource node" y "create page content" (o equivalentes) conducir un ataque de tipo cross-site scripting (XSS) o ejecutar código PHP arbitrario por medio de un campo de texto diseñado. • http://www.openwall.com/lists/oss-security/2013/08/10/1 https://drupal.org/node/2059591 https://drupal.org/node/2059593 https://drupal.org/node/2059603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4344
https://notcve.org/view.php?id=CVE-2015-4344
The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching. El módulo Services Basic Authentication 7.x-1.x hasta 7.x-1.3 para Drupal permite a atacantes remotos evadir las restricciones de acceso a través de vectores relacionados con el cacheo de páginas. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72677 https://www.drupal.org/node/2428851 https://www.drupal.org/node/2444861 • CWE-264: Permissions, Privileges, and Access Controls •