| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. |
| Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. |
| Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. |
| The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. |
| The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. |
| In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. |
| A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to sql injection. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add-table.php. The manipulation of the argument tableno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cart_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |