CVE-2024-6471 : SOURCECODESTER ONLINE TOURS & TRAVELS MANAGEMENT 1.0 SMS_SETTING.PHP UNAME SQL INJECTION

Description

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279.

References

https://vuldb.com/?id.270279

https://vuldb.com/?ctiid.270279

https://vuldb.com/?submit.367953

https://blog.csdn.net/ENTICE1208/article/details/140141934

For More Information

CVERecord

Contact us to get started

CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION

Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build

Learn more

CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION

Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with

Learn more

CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION

Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add

Learn more