Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-38303: bug_report/SQLi-2.md at main · GGMMNN/bug_report

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2022-38610: bug_report/SQLi-2.md at main · sunaono1/bug_report

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.

CVE-2022-38606: bug_report/SQLi-1.md at main · sunaono1/bug_report

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.

CVE-2022-38605: bug_report/SQLi-1.md at main · sunaono1/bug_report

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

CVE-2022-38292: [Security Bugs] Server Side Request Forgery · Issue #158 · slims/slims9_bulian

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

ETAP Safety Manager 1.0.0.32 Cross Site Scripting

ETAP Safety Manager version 1.0.0.32 suffers from a cross site scripting vulnerability.

CVE-2022-36254: Public Reference for CVE-2022-36254

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".

CVE-2022-37796: CVE_demo/Simple Online Book Store-XSS.md at main · anx0ing/CVE_demo

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS).