The “Subscribeâ€� feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed. Devamını Oku
Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourselfâ€� section under the “My Profileâ€� page, " (2) “Hotel Policyâ€� field under the “Hotel Detailsâ€� page, (3) “Pricing codeâ€� and “nameâ€� fields under the “Manage Tourâ€� page, and (4) all the labels under the “Menuâ€�…
A Null pointer dereference vulnerability exits in MP4Box – GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. Devamını Oku
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Devamını Oku
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Devamını Oku
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. Devamını Oku
A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. Devamını Oku
Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to delete the existing user. Devamını Oku
Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. Devamını Oku
A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. Devamını Oku
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. Devamını Oku
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. Devamını Oku