8.8
CVE-2024-24409 - Privilege Escalation
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable toย Privilege Escalation in theย Modify Computers option.
5.1
CVE-2024-11000 - CodeAstro Real Estate Management System About Us Page aboutedit.php unrestricted upload
A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack โฆ
5.1
CVE-2024-10999 - CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload
A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attacโฆ
6.9
CVE-2024-10998 - 1000 Projects Bookstore Management System process_category_add.php sql injection
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The eโฆ
5.3
CVE-2024-10997 - 1000 Projects Bookstore Management System book_list.php sql injection
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /book_list.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been diโฆ
6.4
CVE-2024-10269 - Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access andโฆ
6.9
CVE-2024-10996 - 1000 Projects Bookstore Management System process_category_edit.php sql injection
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. Theโฆ
6.9
CVE-2024-10995 - Codezips Hospital Appointment System removeDoctorResult.php sql injection
A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit โฆ
5.3
CVE-2024-10994 - Codezips Online Institute Management System edit_user.php unrestricted upload
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remoteโฆ
9.6
CVE-2024-7982 - Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.