CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35151 – Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
https://notcve.org/view.php?id=CVE-2020-35151
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. El parámetro post "searchdata" de Online Marriage Registration System versión 1.0 en la petición del archivo user/search.php es vulnerable a una inyección SQL Basada en Tiempo • https://www.exploit-db.com/exploits/49307 https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-28136
https://notcve.org/view.php?id=CVE-2020-28136
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Es detectada una carga de archivos arbitraria en SourceCodester Tourism Management System versión 1.0, que permite al usuario conducir una ejecución de código remota por medio de una página vulnerable admin/create-package.php • https://phpgurukul.com/tourism-management-system-free-download https://www.exploit-db.com/exploits/48892 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2020-25270 – Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
https://notcve.org/view.php?id=CVE-2020-25270
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. PHPGurukul hostel-management-system versión 2.1, permite un ataque de tipo XSS por medio de Guardian Name, Guardian Relation, Guardian Contact no, Address, o City Hostel Management System version 2.1 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/48905 https://github.com/Ko-kn3t/CVE-2020-25270 http://packetstormsecurity.com/files/159614/Hostel-Management-System-2.1-Cross-Site-Scripting.html https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25271
https://notcve.org/view.php?id=CVE-2020-25271
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. PHPGurukul hospital-management-system-in-php versión 4.0, permite un ataque de tipo XSS por medio del archivo admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, o admin/appointment-history.php • https://github.com/Ko-kn3t/CVE-2020-25271 https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25487
https://notcve.org/view.php?id=CVE-2020-25487
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. PHPGURUKUL Zoo Management System Using PHP and MySQL versión 1.0, está afectado por: Inyección SQL por medio de un archivo zms/animal-detail.php • https://github.com/Ko-kn3t/CVE-2020-25487 http://phpgurukul.com https://phpgurukul.com/zoo-management-system-using-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •