5.3
CVE-2025-0211 - Campcodes School Faculty Scheduling System index.php file inclusion
A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit β¦
5.9
CVE-2024-41763 - IBM Engineering Lifecycle Optimization - Publishing information disclosure
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
7.5
CVE-2024-41766 - IBM Engineering Lifecycle Optimization - Publishing denial of service
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.
6.5
CVE-2024-41765 - IBM Engineering Lifecycle Optimization - Publishing directory traversal
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
7.3
CVE-2024-41767 - IBM Engineering Lifecycle Optimization - Publishing SQL injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
6.5
CVE-2024-41768 - IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.
6.9
CVE-2025-0210 - Campcodes School Faculty Scheduling System ajax.php sql injection
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launcβ¦
8.8
CVE-2024-10957 - UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a Pβ¦
5.3
CVE-2025-0208 - code-projects Online Shoe Store summary.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to β¦
6.9
CVE-2025-0207 - code-projects Online Shoe Store login.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The β¦