9.6
CVE-2023-29118 - Unauthorized SQLite Injection in Enel X Juicebox
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
8.8
CVE-2023-29117 - Authentication Bypass in JuiceBox Web Manager interface
Waybox Enel X web management API authentication could be bypassed and provide administrator's privileges over the Waybox system.
4.3
CVE-2023-29116 - PHP Information Disclosure in Enel X JuiceBox
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
6.5
CVE-2023-29115 - Denial of Service via Web Management interface in Enel X JuiceBox
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
5.7
CVE-2023-29114 - Unauthorized System Log Disclosure in Enel X JuiceBox
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information:
• Wi-Fi access point credentials to which the EV charger can connect.
• APN web address and credentials.
• IPSEC credentials…
6.9
CVE-2024-10845 - 1000 Projects Bookstore Management System book_detail.php sql injection
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been dis…
6.9
CVE-2024-10844 - 1000 Projects Bookstore Management System search.php sql injection
A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos…
5.1
CVE-2024-10842 - romadebrian WEB-Sekolah Backend Proses_Edit_Akun.php cross site scripting
A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scr…
5.3
CVE-2024-10841 - romadebrian WEB-Sekolah Mail Proses_Kirim.php sql injection
A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely.…
4.3
CVE-2024-10329 - Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Informa…
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to e…