6.9
CVE-2025-0331 - YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password r…
6.9
CVE-2025-0328 - KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command i…
5.3
CVE-2024-13213 - SingMR HouseRent toAdminUpdateHousePage cross site scripting
A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may…
5.3
CVE-2024-13212 - SingMR HouseRent AddHouseController.java upload unrestricted upload
A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the…
5.3
CVE-2024-13211 - SingMR HouseRent AdminController.java access control
A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. Th…
5.1
CVE-2024-13210 - donglight bookstore电商书城系统说明 AdminBookController. java uploadPicture unrestricted upload
A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads…
5.1
CVE-2024-13209 - Redaxo CMS Structure Management Page index.php cross site scripting
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument A…
8.5
CVE-2024-13206 - REVE Antivirus reveinstall default permission
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit ha…
5.1
CVE-2024-13205 - kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The…
5.3
CVE-2024-13204 - kurniaramadhan E-Commerce-PHP blog-details.php sql injection
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The explo…