Tag
#php
A SQL injection vulnerability exists in the login form of Resumes Management and Job Application Website version 1.0 by EGavilan Media, allowing authentication bypass through login.php.
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a PHP web shell through the profile page to achieve Remote Code Execution (RCE).
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.
Online Birth Certificate Management System version 1.0 suffers from a cross-site scripting vulnerability.
Online Birth Certificate Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.
Online Birth Certificate Management System version 1.0 suffers from a cross-site request forgery vulnerability.