|
211411
|
9.8 |
CRITICAL
Network
|
online_bus_booking_system_project
|
online_bus_booking_system
|
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.
|
CWE-89
SQL Injection
|
CVE-2020-25273
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211412
|
6.1 |
MEDIUM
Network
|
online_bus_booking_system_project
|
online_bus_booking_system
|
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25272
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211413
|
5.4 |
MEDIUM
Network
|
phpgurukul
|
hospital_management_system
|
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25271
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211414
|
5.4 |
MEDIUM
Network
|
phpgurukul
|
hostel_management_system
|
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25270
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211415
|
7.1 |
HIGH
Network
|
pyrocms
|
pyrocms
|
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
|
CWE-352
Origin Validation Error
|
CVE-2020-25263
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211416
|
4.3 |
MEDIUM
Network
|
pyrocms
|
pyrocms
|
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
|
CWE-352
Origin Validation Error
|
CVE-2020-25262
|
2024-11-21 14:17 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211417
|
5.4 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php
|
CWE-79
Cross-site Scripting
|
CVE-2020-25343
|
2024-11-21 14:17 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211418
|
5.3 |
MEDIUM
Network
|
pritunl
|
pritunl
|
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, th…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-25200
|
2024-11-21 14:17 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211419
|
4.8 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding f…
|
CWE-79
Cross-site Scripting
|
CVE-2020-25288
|
2024-11-21 14:17 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211420
|
8.8 |
HIGH
Network
|
observium
|
observium
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-25149
|
2024-11-21 14:17 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
