CVE-2022-37150
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters.
Source: CVE-2022-37150
CVE-2021-40285
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component viewsbackup.html.php.
Source: CVE-2021-40285
CVE-2022-36680
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
Source: CVE-2022-36680
CVE-2022-36683
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.
Source: CVE-2022-36683
CVE-2022-36679
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.
Source: CVE-2022-36679
CVE-2021-39394
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.
Source: CVE-2021-39394
CVE-2022-37152
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client".
Source: CVE-2022-37152
CVE-2022-24304
Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.
Source: CVE-2022-24304
CVE-2022-36226
SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.
Source: CVE-2022-36226
CVE-2022-36168
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php.
Source: CVE-2022-36168