246 matches found
CVE-2026-3487
The CVE-2026-3487 entry concerns itsourcecode College Management System 1.0. A SQL injection flaw affects the handling of /admin/class-result.php, where manipulating the course_code argument enables remote, unauthenticated exploitation. The vulnerability is publicly exploited or publicly disclose...
itsourcecode College Management System SQL注入漏洞
itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...
CVE-2025-13673
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'couponcode' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2026-22465
Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.7 Description The Tutor LMS plugin for WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the coupon code parameter is not properly sanitized,...
CVE-2026-3149
A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument coursecode can lead to sql injection. The attack can be executed...
itsourcecode College Management System SQL注入漏洞
itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...
CVE-2025-41002
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002 SQL injection in Infoticketing
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002 SQL injection in Infoticketing
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
CVE-2025-41002
CVE-2025-41002 is a SQL injection vulnerability in Infoticketing. An unauthenticated attacker can abuse a POST request to the path /components/cart/cartApplyDiscount.php using the 'code' parameter to retrieve, create, update, and delete data in the database. The CVSS metrics indicate a critical s...
PT-2026-21508
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...
MANANTIAL DE IDEAS Infoticketing SQL注入漏洞
MANANTIAL DE IDEAS Infoticketing is a one-stop ticketing system provided by the Spanish company MANANTIAL DE IDEAS. MANANTIAL DE IDEAS Infoticketing has a SQL injection vulnerability, which stems from improper handling of the code parameter in the components/cart/cartApplyDiscount.php file. This...
CVE-2025-12448
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12448
Smartsupp – live chat, AI shopping assistant and chatbots for WordPress (plugin) is vulnerable up to version 3.9.1 to a Stored Cross-Site Scripting via the 'code' parameter due to insufficient input sanitization and output escaping. The vulnerability allows authenticated attackers with Subscriber...
CVE-2025-12448 Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2026-20582
Name of the Vulnerable Software and Affected Versions Smartsupp – live chat, AI shopping assistant and chatbots versions prior to 3.9.2 Description The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...
CVE-2026-1912
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...