Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-1837: webray.com.cn/HCS_add_register.php_File_Upload_Getshell.md at main · Xor-Gerke/webray.com.cn

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.

CVE
Open in Source
#sql#vulnerability#web#windows#apache#js#php#auth
CVE-2022-1840: webray.com.cn/Home Clean Services Management System Stored Cross-Site Scripting(XSS).md at main · Xor-Gerke/webray.com.cn

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.

CVE-2022-1838

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.

CVE-2022-29305: Blind SQL Injection Vulnerability · Issue #75 · helloxz/imgurl

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.

How to Optimize Your Database Storage in MySQL

By ghostadmin SQL (structured query language) is a unique programming language for storing, manipulating, and retrieving data from a database.… This is a post from HackRead.com Read the original post: How to Optimize Your Database Storage in MySQL

CVE-2022-30015: Simple Food Website (CMS) in PHP with Source Code

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.

CVE-2022-31489: CVEs/Blockchain-AltExchanger-121-sqli.md at main · bigb0x/CVEs

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.

CVE-2022-1467: Support | Cyber Security Updates

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

CVE-2022-30017: Rescue Dispatch Management System in PHP/OOP Free Source Code

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.