acmglz

5 exploits Active since Aug 2024
CVE-2024-8136 WRITEUP LOW WRITEUP
SourceCodester Record Management System 1.0 - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort1_user.php. The manipulation of the argument position leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-8137 WRITEUP LOW WRITEUP
SourceCodester Record Management System 1.0 - XSS
A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_user.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-8144 WRITEUP LOW WRITEUP
ClassCMS 4.8 - XSS
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2024-8145 WRITEUP LOW WRITEUP
ClassCMS 4.8 - XSS
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 2.4
CVE-2024-8875 WRITEUP MEDIUM WORKING POC
Wcms < 0.3.2 - Path Traversal
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4