Search Results (357822 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-4919 1 Campcodes 1 Online Examination System 2025-02-20 6.3 Medium
A vulnerability was found in Campcodes Online Examination System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/addCourseExe.php. The manipulation of the argument course_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264454 is the identifier assigned to this vulnerability.
CVE-2024-4911 1 Campcodes 1 Complete Web-based School Management System 2025-02-20 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability.
CVE-2024-4910 1 Campcodes 1 Complete Web-based School Management System 2025-02-20 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability.
CVE-2024-4909 1 Campcodes 1 Complete Web-based School Management System 2025-02-20 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.
CVE-2023-27042 1 Tenda 2 Ax3, Ax3 Firmware 2025-02-20 8.8 High
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
CVE-2023-1202 1 Devolutions 1 Remote Desktop Manager 2025-02-20 6.5 Medium
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVE-2022-36284 1 Storeapps 1 Affiliate For Woocommerce 2025-02-20 6.4 Medium
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page.
CVE-2022-35235 1 Xplodedthemes 1 Wpide - File Manager & Code Editor 2025-02-20 4.9 Medium
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
CVE-2022-34154 1 Ideastocode 1 Enable Svg, Webp & Ico Upload 2025-02-20 7.2 High
Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.
CVE-2022-33901 1 Multisafepay 1 Multisafepay Plugin For Woocommerce 2025-02-20 5.3 Medium
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.
CVE-2022-33142 1 Wordplus 1 Better Messages 2025-02-20 7.7 High
Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.
CVE-2022-31475 1 Givewp 1 Givewp 2025-02-20 5.5 Medium
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVE-2022-29447 1 Wow-company 1 Hover Effects 2025-02-20 6.8 Medium
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
CVE-2022-29446 1 Wow-company 1 Counter Box 2025-02-20 6.8 Medium
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress.
CVE-2022-29445 1 Wow-estore 1 Popup Box 2025-02-20 6.8 Medium
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
CVE-2022-29434 1 Spiffyplugins 1 Spiffy Calendar 2025-02-20 6.3 Medium
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
CVE-2022-28700 1 Givewp 1 Givewp 2025-02-20 9.1 Critical
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVE-2022-23979 1 Etoilewebdesign 1 Ultimate Reviews 2025-02-20 4.8 Medium
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
CVE-2021-31567 1 Wpchill 1 Download Monitor 2025-02-20 6.8 Medium
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS.
CVE-2024-4908 1 Campcodes 1 Complete Web-based School Management System 2025-02-20 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.