CyberSecurityBoard
Sponsor Register Login

CVE-2023-1506

A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability.

Publication date: Mon, 20 Mar 2023 15:15:00 +0000


Cyber News related to CVE-2023-1506

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov
CVE-2021-47178 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
6 months ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
11 months ago Microsoft.com
CVE-2023-1506 - A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch ...
1 year ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
8 months ago Securelist.com
CVE-2011-1506 - The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is ...
7 years ago
CVE-1999-1506 - Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin. ...
16 years ago
CVE-2002-1506 - Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. ...
16 years ago
CVE-2006-1506 - Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. This vulnerability affects Sun Microsystems, Sun Grid Engine 5.3 before ...
13 years ago
CVE-2003-1506 - Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter. ...
7 years ago
CVE-2012-1506 - SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. ...
7 years ago
CVE-2010-1506 - The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors. ...
7 years ago
CVE-2008-1506 - PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. ...
7 years ago
CVE-2009-1506 - SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. ...
7 years ago
CVE-2017-1506 - IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
6 years ago
CVE-2009-0836 - Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have ...
6 years ago
CVE-2009-0837 - Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by ...
6 years ago
CVE-2005-1506 - SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter. ...
8 years ago
CVE-2014-1506 - Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted ...
8 years ago
CVE-2001-1506 - Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct ...
7 years ago
CVE-2004-1506 - Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated ...
7 years ago
CVE-2009-0191 - Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file ...
6 years ago
CVE-2007-1506 - Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. ...
6 years ago
CVE-2017-11150 - Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)