Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively…

CWE-250: Execution with Unnecessary Privileges

CWE-250: Execution with Unnecessary Privileges

CWE-798: Use of Hard-coded Credentials

CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CWE-427: Uncontrolled Search Path Element

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql injection. The attack can be initiated remotely. The exploit has…

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit ha…

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA"  parameter in /bkg_imprimir_comprobante.php