website vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-25207
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows malicious users to execute arbitrary code via the file upload to prodViewUpdate.php.
E-commerce Website Project E-commerce Website 1.0
8.1
CVSSv3
CVE-2021-44593
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
Simple College Website Project Simple College Website 1.0
1 Github repository
5.3
CVSSv3
CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
Website Seller Script Project Website Seller Script 2.0.5
9.8
CVSSv3
CVE-2022-26283
Simple Subscription Website v1.0 contains a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows malicious users to dump the application's database via crafted HTTP requests.
Simple Subscription Website Project Simple Subscription Website 1.0
5.4
CVSSv3
CVE-2022-27330
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.
E-commerce Website Project E-commerce Website 1.0
NA
CVE-2000-0066
WebSite Pro allows remote malicious users to determine the real pathname of web directories via a malformed URL request.
Oreilly Website Professional 2.4.9
Oreilly Website Professional 2.3.18
9.8
CVSSv3
CVE-2021-43140
A SQL injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the login.
Simple Subscription Website Project Simple Subscription Website 1.0
6.1
CVSSv3
CVE-2021-43141
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
Simple Subscription Website Project Simple Subscription Website 1.0
8.8
CVSSv3
CVE-2018-11501
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
Website Seller Script Project Website Seller Script 2.0.3
9.8
CVSSv3
CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interac...
Video Sharing Website Project Video Sharing Website 1.0