
Y4y17/CVE
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 7.3 HIGH | — | An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file. |
| | | 6.5 MEDIUM | — | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL statement. |
| | | 6.5 MEDIUM | — | qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII). |
| | | 9.8 CRITICAL | — | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement. |
| | | 9.8 CRITICAL | — | phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. |
| | | 9.8 CRITICAL | — | phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. |
| | | 9.1 CRITICAL | — | phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. |
| | | 6.3 MEDIUM | — | CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php. |
| | | 5.4 MEDIUM | — | MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute arbitrary commands. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. |
| | | 5.5 MEDIUM | — | An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. |
| | | 5.4 MEDIUM | — | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. |