The code-projects Online Exam Mastering System 1.0 is prone to a reflected cross-site scripting (XSS) vulnerability in the 'q' parameter of feedback.php. The application echoes the parameter into the response without sanitizing or encoding it, so an attacker who lures a victim to a crafted link can execute arbitrary JavaScript in the victim's browser session.
A cross-site scripting (XSS) vulnerability was found in CodeAstro Online Railway Reservation System version 1.0. It allows attackers to inject malicious JavaScript that executes in a victim's browser session.
CMU CERT/CC VINCE 2.0.6 web platform is prone to a stored cross-site scripting vulnerability. Attackers can inject arbitrary HTML/JS code through the 'content' POST parameter, which is not properly sanitized. This allows malicious code execution in the context of the affected user's browser session.
Garage Management System 1.0 is vulnerable to stored XSS because input validation is performed only on the client side. An attacker can bypass it by modifying the request with an intercepting proxy such as Burp Suite and inject a malicious script into the 'categoriesName' parameter; the stored value is then executed in the browser of any user who views the affected page.
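The four entries above share one root cause: untrusted input is written into the HTML response without output encoding, and in the Garage Management System case the only validation runs in the browser, where the attacker controls it. The following Python example is added here as an illustration and is not code from any of these projects; Python stands in for each application's server-side language, and the payload, route names and category-name rule are constructed. It shows the reflected case (a 'q' parameter echoed into the page) and the stored case (a 'categoriesName' value accepted by a server that trusted client-side validation), each beside its server-side fix.

```python
import html
import re

# Constructed attack payload used throughout the example.
PAYLOAD = "<script>alert(document.cookie)</script>"

# --- Reflected XSS: the 'q' search parameter echoed into the response ---

def render_feedback_vulnerable(q: str) -> str:
    # Mirrors the flaw: the parameter value is dropped straight into the markup.
    return f"<h2>Results for: {q}</h2>"


def render_feedback_fixed(q: str) -> str:
    # Output encoding for an HTML text context. quote=True also escapes quotes,
    # which matters if the same value is ever placed inside an attribute.
    return f"<h2>Results for: {html.escape(q, quote=True)}</h2>"


# --- Stored XSS: a category name validated only in the browser ---

# Hypothetical allow-list rule the page's JavaScript enforces: letters, digits,
# spaces and hyphens, 1 to 40 characters. The attacker simply never runs that JavaScript.
CATEGORY_NAME_RE = re.compile(r"^[A-Za-z0-9 -]{1,40}$")


def store_category_trusting_client(name: str):
    # The server assumes the browser already validated the value and stores it
    # unchanged. Whatever an intercepting proxy submits ends up in the database.
    return name


def store_category_fixed(name: str):
    # Server-side re-validation against the same allow-list. Returns None to
    # signal rejection so the caller can answer HTTP 400.
    if not CATEGORY_NAME_RE.fullmatch(name):
        return None
    return name


def render_categories(stored_names, escape_output: bool) -> str:
    # The stored value is later written into every page that lists categories,
    # so output encoding is needed here regardless of what happened on input.
    items = (html.escape(n, quote=True) if escape_output else n for n in stored_names)
    return "<ul>" + "".join(f"<li>{item}</li>" for item in items) + "</ul>"


def contains_active_markup(page: str) -> bool:
    # Crude check used for demonstration: a raw '<script' tag survived into the page.
    return "<script" in page.lower()
```

Both controls belong on the server: validate on input so hostile values are never stored, and encode on output so anything that does get stored cannot break out of its HTML context. `html.escape` is sufficient for HTML text and attribute contexts only; values placed inside inline JavaScript or URLs need context-specific encoding.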
Watcharr version 1.43.0 and below is vulnerable to remote code execution (RCE), allowing an attacker to execute arbitrary code on the target system. CVE-2024-48827 was identified and exploited by Suphawith Phusanbai.
Car Rental Project version 1.0 allows an attacker to upload arbitrary files because the image change operation does not validate the uploaded file type. An attacker can upload a server-side script in place of an image and use it to execute arbitrary commands on the server.
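The entry above is the classic unrestricted file upload. The following Python function is an added example and not the project's own code; the accepted formats, size limit and sample file contents are constructed for illustration. It shows the checks an image-change endpoint should make before writing anything to disk: an allow-list on the final extension only, a magic-byte check on the content, agreement between the two, and a server-generated filename so the client never chooses the stored name.

```python
import os
import secrets

# Constructed allow-list of image formats the image-change endpoint accepts,
# keyed by canonical extension, with the leading magic bytes of each format.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # constructed limit


def sniff_image_type(data: bytes):
    """Return the canonical extension whose signature the content starts with, or None."""
    for ext, sig in IMAGE_SIGNATURES.items():
        if data.startswith(sig):
            return ext
    return None


def normalise_extension(filename: str) -> str:
    # Judge only the last extension of the bare filename, lower-cased. A name like
    # "shell.php.png" is therefore "png" here and must be caught by the content check.
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    return "jpg" if ext == "jpeg" else ext


def validate_image_upload(filename: str, data: bytes):
    """Return the server-chosen filename to store under, or None to reject the upload."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        return None
    ext = normalise_extension(filename)
    if ext not in IMAGE_SIGNATURES:  # allow-list of extensions, never a deny-list
        return None
    kind = sniff_image_type(data)
    if kind is None or kind != ext:  # content must be an image and match the extension
        return None
    # The client never chooses the stored name: random name plus canonical extension.
    # Caveat: a file that begins with a valid image header and carries script code
    # after it (a polyglot) still passes. Sniffing is one layer; the upload directory
    # must also be one the web server will not execute, and re-encoding the image
    # through an image library strips trailing payloads entirely.
    return f"{secrets.token_hex(16)}.{kind}"
```

Reject on any failed check rather than "fixing" the name or content, and log the original filename and sniffed type: a stream of rejected `.php` uploads against an image endpoint is a useful detection signal.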
The TimeProvider® 4100 Grandmaster firmware version 2.4.6 is vulnerable to SQL injection in the 'get_chart_data' web resource. The 'channelId' parameter is concatenated directly into the SQL query without validation or parameterization, allowing unauthenticated attackers to alter the query and execute arbitrary SQL commands.
A SQL injection vulnerability exists in the login functionality of NEWS-BUZZ News Management System version 1.0. This vulnerability allows an attacker to manipulate the SQL query by altering the user_name parameter, potentially leading to unauthorized access to the database.
The 'bid' parameter in /delete.php of Code-Projects Blood Bank V1.0 is vulnerable to out-of-band SQL injection: the injected query makes the database server issue a network request (such as a DNS or HTTP lookup) to an attacker-controlled listener, for example Burp Collaborator, with query results embedded in it. An attacker can use this channel to extract sensitive data even though the page itself returns no query output.
The Open Source Medicine Ordering System v1.0 is vulnerable to SQL injection. An attacker can exploit it to extract sensitive data from the database, such as administrator account details.
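The four SQL injection entries above differ only in where the untrusted value lands: a quoted string in a login query (user_name), an unquoted numeric parameter (channelId), and a query whose results are exfiltrated out of band (bid). The root cause and the fix are the same in each case. The following Python/SQLite example is added here for illustration and is not code from any of these projects; the table layout, sample accounts and payloads are constructed, and passwords are kept in plaintext only to keep the demonstration short (a real application compares against salted hashes). It reproduces the authentication bypass, a UNION-based dump of the user table like the one described for the Medicine Ordering System, and the unquoted numeric case, each beside the parameterized fix. The out-of-band channel itself is not reproduced, since it depends on database-specific functions and a network listener.

```python
import sqlite3

# Constructed sample data standing in for the applications' tables.
SAMPLE_USERS = [
    (1, "admin", "s3cret", "admin"),
    (2, "alice", "hunter2", "user"),
]
SAMPLE_CHART = [(1, 0.5), (2, 0.7), (3, 0.9)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, password TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.execute("CREATE TABLE chart (channel_id INTEGER, value REAL)")
    conn.executemany("INSERT INTO chart VALUES (?, ?)", SAMPLE_CHART)
    conn.commit()
    return conn


# --- Quoted string parameter: the login query ---

def login_vulnerable(conn, user_name: str, password: str):
    # Untrusted values spliced into the statement text. A user_name of
    # "admin' -- " closes the string and comments out the password check;
    # "x' UNION SELECT id, user_name, password FROM users -- " dumps credentials.
    sql = (
        "SELECT id, user_name, role FROM users "
        f"WHERE user_name = '{user_name}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_fixed(conn, user_name: str, password: str):
    # Bound parameters: the driver sends the values separately from the SQL text,
    # so quotes and comment markers in the input never reach the parser.
    sql = "SELECT id, user_name, role FROM users WHERE user_name = ? AND password = ?"
    return conn.execute(sql, (user_name, password)).fetchall()


# --- Unquoted numeric parameter: the chart-data query ---

def chart_data_vulnerable(conn, channel_id: str):
    # No quotes to break out of, so "1 OR 1=1" works as-is. Escaping quotes
    # would not have helped here; only binding or type validation does.
    sql = f"SELECT value FROM chart WHERE channel_id = {channel_id}"
    return sorted(row[0] for row in conn.execute(sql).fetchall())


def chart_data_fixed(conn, channel_id: str):
    # Validate the type first (reject the request on failure), then bind.
    try:
        cid = int(channel_id)
    except ValueError:
        return None
    rows = conn.execute("SELECT value FROM chart WHERE channel_id = ?", (cid,)).fetchall()
    return sorted(row[0] for row in rows)
```

Parameterization fixes the query structure; it does nothing for the secondary weaknesses these entries hint at, such as plaintext credential storage or an unauthenticated endpoint, which need their own fixes. For the out-of-band case the same rule applies: once the value is bound rather than concatenated, there is no injected query left to trigger the outbound request.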