Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.
PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.
WordPress WPSchoolPress plugin version 2.1.16 suffers from cross site scripting vulnerabilities.
CMDBuild version 3.3.2 suffers from cross site scripting vulnerabilities.
Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.
Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and…
Quick.CMS 6.7 – Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)
Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)