Search Results (334494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33964 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter. | ||||
| CVE-2024-33963 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter. | ||||
| CVE-2024-33961 | 1 Janobe | 6 Credit Card, Debit Card Payment, Janobe Credit Card and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter. | ||||
| CVE-2024-33965 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter. | ||||
| CVE-2024-33967 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter. | ||||
| CVE-2024-33968 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter. | ||||
| CVE-2024-33969 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter. | ||||
| CVE-2024-33971 | 1 Janobe | 5 Credit Card, Debit Card Payment, Paypal and 2 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter. | ||||
| CVE-2024-33972 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter. | ||||
| CVE-2024-33973 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter. | ||||
| CVE-2024-41242 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 5.5 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||||
| CVE-2024-41245 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | ||||
| CVE-2024-41244 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | ||||
| CVE-2024-34479 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-08-08 | 9.8 Critical |
| SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | ||||
| CVE-2024-41247 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. | ||||
| CVE-2024-41248 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. | ||||
| CVE-2024-41249 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. | ||||
| CVE-2024-41252 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 5.3 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration. | ||||
| CVE-2024-41308 | 2 Enjay, Enjayworld | 2 Crm, Enjay Crm | 2024-08-08 | 8.4 High |
| An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | ||||
| CVE-2024-41432 | 1 Likeshop | 1 Likeshop | 2024-08-08 | 5.3 Medium |
| An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc. | ||||