|
197051
|
9.8 |
CRITICAL
Network
|
learning_management_system_project
|
learning_management_system
|
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25200
|
2024-11-21 14:54 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197052
|
4.8 |
MEDIUM
Network
|
sophos
|
unified_threat_management
|
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25273
|
2024-11-21 14:54 |
2021-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197053
|
9.8 |
CRITICAL
Network
|
travel_management_system_project
|
travel_management_system
|
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25208
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197054
|
9.8 |
CRITICAL
Network
|
responsive_ordering_system_project
|
responsive_ordering_system
|
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25206
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197055
|
5.4 |
MEDIUM
Network
|
e-commerce_website_project
|
e-commerce_website
|
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25204
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197056
|
9.8 |
CRITICAL
Network
|
victor_cms_project
|
victor_cms
|
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25203
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197057
|
7.5 |
HIGH
Network
|
learning_management_system_project
|
learning_management_system
|
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
|
CWE-89
SQL Injection
|
CVE-2021-25201
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197058
|
9.8 |
CRITICAL
Network
|
e-commerce_website_project
|
e-commerce_website
|
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25207
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197059
|
9.8 |
CRITICAL
Network
|
travel_management_system_project
|
travel_management_system
|
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php.
|
CWE-89
SQL Injection
|
CVE-2021-25213
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197060
|
9.8 |
CRITICAL
Network
|
online_ordering_system_project
|
online_ordering_system
|
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-25211
|
2024-11-21 14:54 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
