Search Results (363079 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-48824 1 Boidcms 1 Boidcms 2024-11-21 5.4 Medium
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.
CVE-2023-48823 1 Mayurik 1 Courier Management System 2024-11-21 9.8 Critical
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.
CVE-2023-48815 1 Keking 1 Kkfileview 2024-11-21 6.1 Medium
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
CVE-2023-48813 1 Slims 1 Senayan Library Management System Bulian 2024-11-21 8.8 High
Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.
CVE-2023-48811 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48810 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48808 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48807 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48806 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48805 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48804 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48803 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability.
CVE-2023-48800 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.
CVE-2023-48799 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.
CVE-2023-48760 1 Crocoblock 1 Jetelements 2024-11-21 8.2 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVE-2023-48759 1 Crocoblock 1 Jetelements 2024-11-21 7.5 High
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
CVE-2023-48736 1 Color 1 Demoiccmax 2024-11-21 6.5 Medium
In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read.
CVE-2023-48722 1 Phpgurukul 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48720 1 Phpgurukul 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-48716 1 Projectworlds 1 Student Result Management System 2024-11-21 9.8 Critical
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.