A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult/nochildren/aprice/cprice leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password.

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely.

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\UserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6e004cce2c32f8e48b868e66b89f82da4887dc3. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.