SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.
SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.
SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.
SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. [CVSS 6.5 MEDIUM]
Petlibro versions up to 1.7.31 contains a vulnerability that allows attackers to access other users' pet data by exploiting missing ownership verification (CVSS 6.5).
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. [CVSS 5.3 MEDIUM]
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. [CVSS 5.3 MEDIUM]
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10. [CVSS 4.9 MEDIUM]