CVE-2025-4496 - TOTOLINK CloudACMunualUpdate Buffer Overflow Vulnerability
CVE ID : CVE-2025-4496
Published : May 10, 2025, 5:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4496
Published : May 10, 2025, 5:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2944 - Elementor Jeg Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-2944
Published : May 10, 2025, 6:15 a.m. | 41 minutes ago
Description : The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2944
Published : May 10, 2025, 6:15 a.m. | 41 minutes ago
Description : The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4497 - Apache Code-Projects Simple Banking System Buffer Overflow Vulnerability
CVE ID : CVE-2025-4497
Published : May 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4497
Published : May 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2158 - WordPress Review Plugin Local File Inclusion Vulnerability
CVE ID : CVE-2025-2158
Published : May 10, 2025, 10:15 a.m. | 44 minutes ago
Description : The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included, or pearcmd is enabled on a server with register_argc_argv also enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2158
Published : May 10, 2025, 10:15 a.m. | 44 minutes ago
Description : The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included, or pearcmd is enabled on a server with register_argc_argv also enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4498 - Simple Bus Reservation System Buffer Overflow Vulnerability
CVE ID : CVE-2025-4498
Published : May 10, 2025, 10:15 a.m. | 44 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4498
Published : May 10, 2025, 10:15 a.m. | 44 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3876 - WooCommerce WordPress Privilege Escalation Vulnerability
CVE ID : CVE-2025-3876
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3876
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3878 - WooCommerce Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3878
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3878
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4499 - Simple Hospital Management System Buffer Overflow
CVE ID : CVE-2025-4499
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. Affected by this vulnerability is the function Add of the component Add Information. The manipulation of the argument x[i].name/x[i].disease leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4499
Published : May 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. Affected by this vulnerability is the function Add of the component Add Information. The manipulation of the argument x[i].name/x[i].disease leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4500 - Code-projects Hotel Management System Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-4500
Published : May 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4500
Published : May 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit Room. The manipulation of the argument roomnumber leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4501 - Apache Code-Projects Album Management System Stack Buffer Overflow
CVE ID : CVE-2025-4501
Published : May 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4501
Published : May 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Album Management System 1.0. This affects the function searchalbum of the component Search Albums. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1752 - Llama Index Denial of Service Vulnerability
CVE ID : CVE-2025-1752
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1752
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4502 - Campcodes Sales and Inventory System SQL Injection Vulnerability
CVE ID : CVE-2025-4502
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4502
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4503 - Campcodes Sales and Inventory System SQL Injection
CVE ID : CVE-2025-4503
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4503
Published : May 10, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-53145 - Qualcomm Bluetooth BTSdio Use After Free Buffer Overflow
CVE ID : CVE-2023-53145
Published : May 10, 2025, 3:15 p.m. | 3 hours, 46 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-53145
Published : May 10, 2025, 3:15 p.m. | 3 hours, 46 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4504 - SourceCodester Online College Library System SQL Injection Vulnerability
CVE ID : CVE-2025-4504
Published : May 10, 2025, 3:15 p.m. | 3 hours, 46 minutes ago
Description : A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4504
Published : May 10, 2025, 3:15 p.m. | 3 hours, 46 minutes ago
Description : A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4505 - "PHPGurukul Apartment Visitors Management System SQL Injection Vulnerability"
CVE ID : CVE-2025-4505
Published : May 10, 2025, 4:15 p.m. | 2 hours, 46 minutes ago
Description : A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /category.php. The manipulation of the argument categoryname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4505
Published : May 10, 2025, 4:15 p.m. | 2 hours, 46 minutes ago
Description : A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /category.php. The manipulation of the argument categoryname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4506 - Campcodes Online Food Ordering System SQL Injection Vulnerability
CVE ID : CVE-2025-4506
Published : May 10, 2025, 4:15 p.m. | 2 hours, 46 minutes ago
Description : A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4506
Published : May 10, 2025, 4:15 p.m. | 2 hours, 46 minutes ago
Description : A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4507 - Campcodes Online Food Ordering System SQL Injection Vulnerability
CVE ID : CVE-2025-4507
Published : May 10, 2025, 5:15 p.m. | 1 hour, 46 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4507
Published : May 10, 2025, 5:15 p.m. | 1 hour, 46 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4508 - PHPGurukul e-Diary Management System SQL Injection Vulnerability
CVE ID : CVE-2025-4508
Published : May 10, 2025, 5:15 p.m. | 1 hour, 46 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4508
Published : May 10, 2025, 5:15 p.m. | 1 hour, 46 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4509 - PHPGurukul e-Diary Management System SQL Injection
CVE ID : CVE-2025-4509
Published : May 10, 2025, 6:15 p.m. | 46 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul e-Diary Management System 1.0. This issue affects some unknown processing of the file /manage-notes.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4509
Published : May 10, 2025, 6:15 p.m. | 46 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul e-Diary Management System 1.0. This issue affects some unknown processing of the file /manage-notes.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4510 - Changjietong UFIDA CRM SQL Injection
CVE ID : CVE-2025-4510
Published : May 10, 2025, 6:15 p.m. | 46 minutes ago
Description : A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4510
Published : May 10, 2025, 6:15 p.m. | 46 minutes ago
Description : A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...