| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the classes/usergroups management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the session category management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the extra fields management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the careers & promotions management section. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the course categories' definition. |
| Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. |
| emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. |
| TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. |
| In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. |
| The cryptographically insecure random number generator used in the password reset function of TravianZ 8.3.4 and 8.3.3 allows an attacker to guess the password reset parameters and take over accounts. |
| PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure. |
| An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. |
| A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. |
| CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. |
| A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. |
| TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |