Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45527
File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized malicious users to directly upload malicious files to the courseimg directory.
Institutional Management Website Project Institutional Management Website 1.0
7.2
CVSSv3
CVE-2023-5919
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack m...
Company Website Cms Project Company Website Cms 1.0
5.4
CVSSv3
CVE-2021-25204
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote malicious users to inject arbitrary web script or HTM via the subject field to feedback_process.php.
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25205
SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote malicious users to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php .
E-commerce Website Project E-commerce Website 1.0
9.8
CVSSv3
CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows malicious users to execute arbitrary code via the file upload to prodViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
5.3
CVSSv3
CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
Website Seller Script Project Website Seller Script 2.0.5
NA
CVE-2000-0066
WebSite Pro allows remote malicious users to determine the real pathname of webdirectories via a malformed URL request.
Oreilly Website Professional 2.4.9
Oreilly Website Professional 2.3.18
9.8
CVSSv3
CVE-2022-45526
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows malicious users to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.
Institutional Management Website Project Institutional Management Website 1.0
9.8
CVSSv3
CVE-2021-26232
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote malicious users to execute arbitrary SQL statements via the id parameter to news.php.
Simple College Website Project Simple College Website 1.0
6.5
CVSSv3
CVE-2019-9063
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.
Auction Website Script Project Auction Website Script 2.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »