Search Results (363151 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4220 1 Chamilo 1 Chamilo Lms 2024-11-21 8.1 High
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVE-2023-4219 1 Doctors Appointment System Project 1 Doctors Appointment System 2024-11-21 7.3 High
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.
CVE-2023-4218 1 Eclipse 3 Eclipse Ide, Org.eclipse.core.runtime, Pde 2024-11-21 5 Medium
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CVE-2023-4217 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4204 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-11-21 5.4 Medium
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
CVE-2023-4201 1 Mayurik 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.
CVE-2023-4200 1 Mayurik 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.
CVE-2023-4199 1 Mayurik 1 Inventory Management System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.
CVE-2023-4198 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.5 Medium
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
CVE-2023-4197 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.5 High
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVE-2023-4196 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4195 2 Agentejo, Cockpit-hq 2 Cockpit, Cockpit 2024-11-21 8.8 High
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.
CVE-2023-4193 1 Resort Reservation System Project 1 Resort Reservation System 2024-11-21 6.3 Medium
A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.
CVE-2023-4192 1 Resort Reservation System Project 1 Resort Reservation System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235.
CVE-2023-4191 2 Resort Reservation System Project, Sourcecodester 2 Resort Reservation System, Resort Reservation System 2024-11-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.
CVE-2023-4190 1 Admidio 1 Admidio 2024-11-21 6.5 Medium
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.
CVE-2023-4189 2 Instantcms, Instantsoft 2 Instantcms, Instantcms 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4188 2 Instantcms, Instantsoft 2 Instantcms, Instantcms 2024-11-21 9.1 Critical
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4187 2 Instantcms, Instantsoft 2 Instantcms, Instantcms 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4186 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-11-21 6.3 Medium
A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability.