
37 matches found

ATTACKERKB
added 2026/04/06 10:15 a.m. · 1 views

CVE-2026-5645

A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely...

7.5 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2026/04/06 12:0 a.m. · 2 views

PT-2026-30595

Name of the Vulnerable Software and Affected Versions: projectworlds Car Rental System version 1.0 Description: A weakness exists in projectworlds Car Rental System 1.0. The issue affects an unknown functionality within the /pay.php file of the Parameter Handler component. Manipulation of the mpesa...

7.5 CVSS · 7.4 AI score · 0.0004 EPSS
Exploits 0 · References 11
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-13526

Malware in sbrugna...

9.8 CVSS · 9.4 AI score · 0.00621 EPSS
Exploits 1 · References 2
Cvelist
added 2025/07/12 12:32 p.m. · 7 views

CVE-2025-7475 code-projects Simple Car Rental System pay.php sql injection

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

7.5 CVSS · 0.00204 EPSS
Exploits 1 · References 5
CVE
added 2025/07/12 12:32 p.m. · 14 views

CVE-2025-7475

CVE-2025-7475 affects Simple Car Rental System 1.0, with the vulnerability located in /pay.php where manipulating the mpesa parameter enables SQL injection. The issue is exploitable remotely and exploitation details have been disclosed publicly. Multiple connected sources confirm a critical impac...

9.8 CVSS · 7.7 AI score · 0.00204 EPSS
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2025/07/12 12:32 p.m. · 2 views

CVE-2025-7475 code-projects Simple Car Rental System pay.php sql injection

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

7.5 CVSS · 7.7 AI score · 0.00204 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 6:21 a.m. · 4 views

CVE-2024-10751

A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclos...

9.8 CVSS · 7.4 AI score · 0.00145 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/11/04 1:0 a.m. · 12 views

CVE-2024-10751 Codezips ISP Management System pay.php sql injection

A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclos...

6.5 CVSS · 7.6 AI score · 0.00145 EPSS
Exploits 1 · References 4
CVE
added 2024/11/04 1:0 a.m. · 41 views

CVE-2024-10751

CVE-2024-10751 affects Codezips ISP Management System 1.0. The vulnerability is in the file pay.php, where manipulating the “customer” parameter yields a SQL injection. The issue can be exploited remotely, and multiple sources confirm the exploit has been disclosed publicly. Technical details con...

9.8 CVSS · 7 AI score · 0.00145 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2024/06/17 2:15 p.m. · 8 views

CVE-2024-38469

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the $search parameter at /pay.php...

6.3 CVSS · 0.00342 EPSS
Exploits 1 · References 2
CVE
added 2024/06/17 12:0 a.m. · 43 views

CVE-2024-38469

CVE-2024-38469 concerns zhimengzhe iBarn v1.5, where a reflected XSS vulnerability is triggered via the $search parameter on /pay.php. The available documents identify the affected software/component and the vulnerability class, but do not provide exploit details, affected versions beyond v1.5, c...

6.3 CVSS · 6.2 AI score · 0.00342 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/06/17 12:0 a.m. · 16 views

CVE-2024-38469

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the $search parameter at /pay.php...

6.2 AI score · 0.00342 EPSS
Exploits 1 · References 2
Cvelist
added 2024/06/17 12:0 a.m. · 11 views

CVE-2024-38469

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the $search parameter at /pay.php...

0.00342 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/06/17 12:0 a.m. · 2 views

PT-2024-28023 · Ibarn · Ibarn

Name of the Vulnerable Software and Affected Versions: iBarn version 1.5 Description: A reflected cross-site scripting XSS issue was found, which can be triggered via the search parameter at the "/pay.php" API endpoint. Recommendations: For version 1.5, as a temporary workaround, consider...

6.3 CVSS · 5.5 AI score · 0.00342 EPSS
Exploits 1 · References 4
CNNVD
added 2024/06/17 12:0 a.m. · 0 views

iBarn Security Vulnerabilities

iBarn is an application by zhimengzhe personal developer. It provides file network backup, synchronization and sharing services. A security vulnerability exists in iBarn v1.5, which originates from a reflected cross-site scripting XSS vulnerability contained in the $search parameter on /pay.php...

6.3 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits 1 · References 3
NVD
added 2024/02/05 1:15 p.m. · 10 views

CVE-2024-1225

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmbpay of the file /application/index/controller/Pay.php. The manipulation of the argument callbackclass leads to deserialization. The attack can be launched remotel...

9.8 CVSS · 7.9 AI score · 0.00177 EPSS
Exploits 0 · References 3
OSV
added 2024/02/05 1:15 p.m. · 1 views

CVE-2024-1225

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmbpay of the file /application/index/controller/Pay.php. The manipulation of the argument callbackclass leads to deserialization. The attack can be launched remotel...

9.8 CVSS · 5.3 AI score
Exploits 0 · References 3
Cvelist
added 2024/02/05 1:0 p.m. · 14 views

CVE-2024-1225 QiboSoft QiboCMS X1 Pay.php rmb_pay deserialization

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmbpay of the file /application/index/controller/Pay.php. The manipulation of the argument callbackclass leads to deserialization. The attack can be launched remotel...

7.5 CVSS · 9.7 AI score · 0.00177 EPSS
Exploits 0 · References 3
CNNVD
added 2024/02/05 12:0 a.m. · 2 views

Qibosoft QiboCMS Code Issue Vulnerability

Qibosoft QiboCMS is an application software of China Qibo Software Qibosoft Company. A website builder CMS. A code issue vulnerability exists in Qibosoft QiboCMS versions X1 through 1.0.6, which stems from the parameter callbackclass in file /application/index/controller/Pay.php that causes...

9.8 CVSS · 7.1 AI score · 0.00177 EPSS
Exploits 0 · References 4
OSV
added 2024/01/25 7:15 p.m. · 1 views

CVE-2024-0883

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 3