|
210181
|
9.8 |
CRITICAL
Network
|
online_library_management_system_project
|
online_library_management_system
|
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add be…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28130
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210182
|
6.1 |
MEDIUM
Network
|
adrianmercurio
|
gym_management_system
|
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28129
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210183
|
8.8 |
HIGH
Network
|
phpgurukul
|
tourism_management_system
|
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28136
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210184
|
9.8 |
CRITICAL
Network
|
simple_grocery_store_sales_and_inventory_sales_project
|
simple_grocery_store_sales_and_inventory_system
|
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges …
|
CWE-89
SQL Injection
|
CVE-2020-28133
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210185
|
9.8 |
CRITICAL
Network
|
online_clothing_store_project
|
online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28140
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210186
|
6.1 |
MEDIUM
Network
|
online_clothing_store_project
|
online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28139
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210187
|
9.8 |
CRITICAL
Network
|
online_clothing_store_project
|
online_clothing_store
|
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
|
CWE-89
SQL Injection
|
CVE-2020-28138
|
2024-11-21 14:22 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210188
|
5.4 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
|
CWE-79
Cross-site Scripting
|
CVE-2020-27991
|
2024-11-21 14:22 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210189
|
5.4 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
|
CWE-79
Cross-site Scripting
|
CVE-2020-27990
|
2024-11-21 14:22 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210190
|
5.4 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
|
CWE-79
Cross-site Scripting
|
CVE-2020-27989
|
2024-11-21 14:22 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
