CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38946
https://notcve.org/view.php?id=CVE-2022-38946
09 Dec 2024 — Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Doctor-Appointment.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2022-38947
https://notcve.org/view.php?id=CVE-2022-38947
09 Dec 2024 — SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. • https://github.com/Cosemz/CVE/blob/main/Flipkart-Clone-PHP/Flipkart-Clone-PHP.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54918
https://notcve.org/view.php?id=CVE-2024-54918
09 Dec 2024 — Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/RCE%20by%20File%20Upload%20-%20Update%20Avatar.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54921
https://notcve.org/view.php?id=CVE-2024-54921
09 Dec 2024 — A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20Signup%20Student.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54923
https://notcve.org/view.php?id=CVE-2024-54923
09 Dec 2024 — A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit_teacher.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54924
https://notcve.org/view.php?id=CVE-2024-54924
09 Dec 2024 — A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit%20content.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54925
https://notcve.org/view.php?id=CVE-2024-54925
09 Dec 2024 — A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20remove_sent_message.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54931
https://notcve.org/view.php?id=CVE-2024-54931
09 Dec 2024 — A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20event.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-55580
https://notcve.org/view.php?id=CVE-2024-55580
09 Dec 2024 — Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. • https://community.qlik.com/t5/Official-Support-Articles/High-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows-CVEs/tac-p/2496004 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-50628
https://notcve.org/view.php?id=CVE-2024-50628
09 Dec 2024 — It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. • https://www.digi.com/getattachment/Resources/Security/Alerts/Digi-ConnectPort-LTS-Firmware-Update/ConnectPort-LTS-KB.pdf • CWE-862: Missing Authorization •