Simple Security Vulnerabilities


CVE-2020-23839

A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the...

6.1 CVSS

6 AI Score

0.005 EPSS

2020-09-01 05:15 PM

CVE-2022-43229

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS

7.2 AI Score

0.002 EPSS

2022-10-28 06:15 PM

CVE-2021-38819

A SQL injection vulnerability exists on the Simple Image Gallery System 1.0 application through "id" parameter on the album...

8.8 CVSS

9 AI Score

0.001 EPSS

2022-11-17 12:15 AM

CVE-2022-44590

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-11-09 10:15 PM

CVE-2022-3494

The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins....

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-11-07 10:15 AM

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary...

7.5 CVSS

7.1 AI Score

0.002 EPSS

2022-11-07 03:15 PM

CVE-2022-43230

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS

7.2 AI Score

0.001 EPSS

2022-10-28 06:15 PM

CVE-2021-24620

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2021-09-13 06:15 PM

CVE-2022-42199

Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam...

8.8 CVSS

8.7 AI Score

0.002 EPSS

2022-10-20 01:15 PM

CVE-2022-42200

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-10-20 01:15 PM

CVE-2022-42201

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file...

7.2 CVSS

6.9 AI Score

0.001 EPSS

2022-10-20 01:15 PM

CVE-2022-42198

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2022-10-20 01:15 PM

CVE-2022-42230

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2022-10-11 06:15 PM

CVE-2022-40872

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0, in /vcs/classRoom.php?classCode=,...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-10-07 11:15 AM

CVE-2009-4165

SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...

8.4 AI Score

0.001 EPSS

2022-10-03 04:24 PM

CVE-2009-4164

Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8 AI Score

0.001 EPSS

2022-10-03 04:24 PM

CVE-2017-8297

A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager"...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-10-03 04:23 PM

CVE-2018-19421

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer renders HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in...

3.8 CVSS

4.5 AI Score

0.001 EPSS

2022-10-03 04:21 PM

CVE-2018-19420

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file...

3.8 CVSS

4.4 AI Score

0.001 EPSS

2022-10-03 04:21 PM

CVE-2014-5183

SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to...

8.3 AI Score

0.001 EPSS

2022-10-03 04:20 PM

CVE-2014-3921

Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z...

6 AI Score

0.002 EPSS

2022-10-03 04:20 PM

CVE-2015-5356

Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func...

5.9 AI Score

0.001 EPSS

2022-10-03 04:16 PM

CVE-2015-5355

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to...

5.9 AI Score

0.003 EPSS

2022-10-03 04:16 PM

CVE-2012-4932

Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in...

5.8 AI Score

0.001 EPSS

2022-10-03 04:15 PM

CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack...

6.2 AI Score

0.006 EPSS

2022-10-03 04:15 PM

CVE-2007-2679

PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the...

7.2 AI Score

0.005 EPSS

2022-10-03 04:14 PM

CVE-2008-0650

SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

8.1 AI Score

0.001 EPSS

2022-10-03 04:14 PM

CVE-2022-40087

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP...

9.8 CVSS

9.6 AI Score

0.005 EPSS

2022-09-22 10:15 PM

CVE-2022-40088

Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-09-22 10:15 PM

CVE-2022-40089

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to...

9.8 CVSS

9.5 AI Score

0.023 EPSS

2022-09-22 10:15 PM

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-09-21 06:15 PM

CVE-2022-40028

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName...

4.8 CVSS

5 AI Score

0.001 EPSS

2022-09-21 06:15 PM

CVE-2022-40030

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-09-21 06:15 PM

CVE-2022-40029

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName...

4.8 CVSS

5 AI Score

0.001 EPSS

2022-09-21 06:15 PM

CVE-2022-40026

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at...

7.2 CVSS

7.2 AI Score

0.001 EPSS

2022-09-21 06:15 PM

CVE-2022-36676

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS

7.2 AI Score

0.001 EPSS

2022-09-01 03:15 AM

CVE-2022-36675

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS

7.2 AI Score

0.001 EPSS

2022-09-01 03:15 AM

CVE-2022-36674

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

7.2 CVSS

7.2 AI Score

0.001 EPSS

2022-09-01 03:15 AM

CVE-2022-3014

A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-08-27 09:15 AM

CVE-2022-3013

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2022-08-27 09:15 AM

CVE-2022-36682

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-36680

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-36678

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-36683

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-36679

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-36681

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-08-26 01:15 PM

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-08-22 03:15 PM

CVE-2022-2909

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely....

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-08-20 07:15 AM

CVE-2022-2814

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /mkshope/login.php. The manipulation of the argument msg leads to cross site scripting. The attack can be...

6.1 CVSS

6 AI Score

0.003 EPSS

2022-08-15 11:21 AM

CVE-2022-2771

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. Affected by this vulnerability is an unknown functionality of the file /obs/bookPerPub.php. The manipulation of the argument bookisbn leads to sql injection. The attack can be launched...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2022-08-11 12:15 PM
Total number of security vulnerabilities: 432