Simple Security Vulnerabilities


CVE-2022-1503

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert(1) leads to cross site scripting. The attack may be launched...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-04-27 08:15 AM

CVE-2022-28411

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-21 08:15 PM

CVE-2022-28410

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-21 08:15 PM

CVE-2022-28030

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-21 08:15 PM

CVE-2022-28028

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-21 08:15 PM

CVE-2022-28029

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2022-04-21 08:15 PM

CVE-2022-27352

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP...

8.8 CVSS

8.9 AI Score

0.048 EPSS

2022-04-08 09:15 AM

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-04-05 02:15 AM

CVE-2022-28063

Simple Bakery Shop Management System v1.0 contains a file disclosure via...

4.9 CVSS

5.1 AI Score

0.001 EPSS

2022-04-04 02:15 PM

CVE-2021-43484

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a...

9.8 CVSS

9.5 AI Score

0.026 EPSS

2022-03-31 07:15 PM

CVE-2021-43505

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new...

5.4 CVSS

5.5 AI Score

0.001 EPSS

2022-03-31 05:15 PM

CVE-2021-43506

An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2022-03-31 05:15 PM

CVE-2022-26260

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-03-22 07:15 PM

CVE-2022-26284

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP...

9.8 CVSS

9.6 AI Score

0.003 EPSS

2022-03-21 11:15 PM

CVE-2022-26285

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP...

9.8 CVSS

9.6 AI Score

0.003 EPSS

2022-03-21 11:15 PM

CVE-2022-26283

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP...

9.8 CVSS

9.6 AI Score

0.003 EPSS

2022-03-21 11:15 PM

CVE-2022-0681

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-03-21 07:15 PM

CVE-2022-25399

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-03-02 11:15 PM

CVE-2022-25393

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2022-03-02 11:15 PM

CVE-2022-26170

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-03-02 11:15 PM

CVE-2022-0328

The Simple Membership WordPress plugin before 4.0.9 does not have CSRF check when deleting members in bulk, which could allow attackers to make a logged in admin delete them via a CSRF...

4.7 CVSS

4.6 AI Score

0.001 EPSS

2022-02-28 09:15 AM

CVE-2022-0193

The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-02-14 12:15 PM

CVE-2021-43510

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in...

9.8 CVSS

9.8 AI Score

0.042 EPSS

2022-02-01 02:15 PM

CVE-2021-43509

SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-02-01 02:15 PM

CVE-2021-46428

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in...

9.8 CVSS

9.6 AI Score

0.046 EPSS

2022-01-27 07:15 PM

CVE-2021-46427

An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in...

9.8 CVSS

9.9 AI Score

0.192 EPSS

2022-01-27 07:15 PM

CVE-2021-41472

SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password...

9.8 CVSS

10 AI Score

0.002 EPSS

2022-01-24 04:15 PM

CVE-2021-44593

Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on...

8.1 CVSS

8.8 AI Score

0.014 EPSS

2022-01-21 07:15 PM

CVE-2021-46200

An SQL Injection vulnerability exists in Sourcecodester Simple Music Cloud Community System 1.0 via the email parameter in...

9.8 CVSS

9.8 AI Score

0.002 EPSS

2022-01-21 04:15 PM

CVE-2022-21666

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed SQL injection in usersearch.php only for users with administrative privileges. Users should replace the file admin/pages/useredit.php with a newer version. USOC version...

7.2 CVSS

7 AI Score

0.002 EPSS

2022-01-10 08:15 PM

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular, usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to...

10 CVSS

9.8 AI Score

0.002 EPSS

2022-01-04 08:15 PM

CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are...

9.1 CVSS

7.3 AI Score

0.001 EPSS

2022-01-04 08:15 PM

CVE-2021-45711

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2021-12-27 12:15 AM

CVE-2021-45253

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2021-12-21 12:15 PM

CVE-2021-39313

The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-12-14 04:15 PM

CVE-2021-39319

The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-12-14 04:15 PM

CVE-2021-24804

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2021-11-17 11:15 AM

CVE-2021-41492

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering, (2) id parameter in manage_products and the (3) t parameter in...

9.8 CVSS

10 AI Score

0.002 EPSS

2021-11-03 08:15 PM

CVE-2021-43140

SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the...

9.8 CVSS

9.8 AI Score

0.012 EPSS

2021-11-03 07:15 PM

CVE-2021-43141

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in...

6.1 CVSS

6 AI Score

0.003 EPSS

2021-11-03 07:15 PM
In Wild

CVE-2021-39328

The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user...

5.5 CVSS

4.8 AI Score

0.001 EPSS

2021-10-21 08:15 PM

CVE-2021-24663

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to...

7.2 CVSS

6.9 AI Score

0.001 EPSS

2021-09-20 10:15 AM

CVE-2021-38340

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-09-10 02:15 PM

CVE-2021-38339

The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-09-10 02:15 PM

CVE-2021-38841

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings...

8.8 CVSS

8.9 AI Score

0.034 EPSS

2021-09-07 06:15 AM

CVE-2021-38840

SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username...

9.8 CVSS

9.9 AI Score

0.01 EPSS

2021-09-07 06:15 AM

CVE-2021-24574

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is...

4.8 CVSS

4.7 AI Score

0.001 EPSS

2021-08-23 12:15 PM

CVE-2021-24552

The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection...

7.2 CVSS

7.1 AI Score

0.001 EPSS

2021-08-23 12:15 PM

CVE-2021-34658

The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-08-16 07:15 PM

CVE-2021-34649

The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-08-16 07:15 PM
Total number of security vulnerabilities: 432