DililLearngent

20 exploits, active since Aug 2023
CVE-2023-31938 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.
CVSS 7.2
CVE-2023-31939 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.
CVSS 7.2
CVE-2023-31940 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php.
CVSS 7.2
CVE-2023-31941 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php.
CVSS 7.2
CVE-2023-31942 WRITEUP MEDIUM
Online Travel Agency System <1.0 - XSS
Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php.
CVSS 4.8
CVE-2023-31943 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.
CVSS 7.2
CVE-2023-31944 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php.
CVSS 7.2
CVE-2023-31945 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.
CVSS 7.2
CVE-2023-31946 WRITEUP HIGH
Online Travel Agency System <1.0 - RCE
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php.
CVSS 7.2
CVE-2023-40874 WRITEUP MEDIUM
DedeCMS <5.7.110 - XSS
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
CVSS 5.4
CVE-2023-40875 WRITEUP MEDIUM
DedeCMS <5.7.110 - XSS
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
CVSS 5.4
CVE-2023-40876 WRITEUP MEDIUM
DedeCMS <5.7.110 - XSS
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
CVSS 5.4
CVE-2023-40877 WRITEUP MEDIUM
DedeCMS <5.7.110 - XSS
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
CVSS 5.4
CVE-2024-40068 WRITEUP MEDIUM
Sourcecodester Online ID Generator System 1.0 - SQL Injection
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.
CVSS 5.9
CVE-2024-40069 WRITEUP MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save; the vulnerable inputs are the POST parameters 'firstname' and 'lastname'.
CVSS 5.4
CVE-2024-40070 WRITEUP MEDIUM
Sourcecodester Online ID Generator System 1.0 - RCE
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 5.1
CVE-2024-40071 WRITEUP CRITICAL
Sourcecodester Online ID Generator System 1.0 - RCE
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 9.8
CVE-2024-40072 WRITEUP CRITICAL
Sourcecodester Online ID Generator System 1.0 - SQL Injection
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.
CVSS 9.8
CVE-2024-40073 WRITEUP CRITICAL
Sourcecodester Online ID Generator System 1.0 - SQL Injection
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.
CVSS 9.8
CVE-2024-40074 WRITEUP MEDIUM
Sourcecodester Online ID Generator System 1.0 - XSS
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
CVSS 4.8