| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. |
| Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. |
| Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. |
| A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows attackers to execute arbitrary code via a crafted PHP file. |
| Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at /admin-panel1.php. |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at /admin-panel1.php. |
| Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at /admin-panel1.php. |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. |
| An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. |
| The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. |
| Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. |
| Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. |
| Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. |
| Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. |
| Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. |
