
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
• https://fluidattacks.com/advisories/wyckoff
• https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
• https://fluidattacks.com/advisories/blessd
• https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Yoga-Class-Registration%20-1.0-2023%20-%20Multiple-SQLi
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross-site scripting. The attack can be initiated remotely.
• https://blog.csdn.net/Dwayne_Wade/article/details/129496689
• https://vuldb.com/?ctiid.222982
• https://vuldb.com/?id.222982
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. This affects the function query of the file admin/categories/manage_category.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely.
• https://blog.csdn.net/Dwayne_Wade/article/details/129493110
• https://vuldb.com/?ctiid.222873
• https://vuldb.com/?id.222873
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')