Security Vulnerabilities - CVEs Published In May 2024
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-05-14
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2024-05-14
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2024-05-14
An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2024-05-14
Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-05-14
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2024-05-14
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allows attackers to approve or reject leave tickets.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2024-05-14
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, and lastname parameters.
CVSS Score: 7.3 | EPSS Score: 0.011 | Published: 2024-05-14
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name and shortname parameters.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2024-05-14
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score: 9.4 | EPSS Score: 0.003 | Published: 2024-05-14

