55 matches found
CVE-2025-8500
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely...
Modern Bag action.php file SQL injection vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter proId in file /action.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL comman...
CVE-2025-6484
A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument catid/brandid/keyword/proId/pid leads to sql injection. The attack may be launched...
CVE-2025-6108
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file...
CVE-2023-0774
A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit ha...
CVE-2022-44279
Garage Management System v1.0 is vulnerable to Cross Site Scripting XSS via /garage/phpaction/createBrand.php...
UBUNTU-CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...
Xinhu RockOA 安全漏洞
Xinhu RockOA is an office OA system of China Xinhu Xinhu Company. A security vulnerability exists in Xinhu RockOA 2.6.5 and earlier versions, which originates from the inputAction.php file and the saveAjax function that allows SQL injection, which may result in the execution of arbitrary code...
CVE-2025-1890
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be...
1000 Projects Attendance Tracking Management System 注入漏洞
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Attendance Tracking Management System, which originates from an SQL injection vulnerability in the attendanceid...
PT-2024-17865 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue was found in the 1000 Projects Attendance Tracking Management System. This issue affects the file /admin/attendance action.php and is related to the...
PT-2024-17817 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Attendance Tracking Management System, affecting some unknown processing of the file /admin/admin action.php. Th...
PT-2024-17811 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Attendance Tracking Management System. This issue affects unknown code of the file /admin/student...
PT-2024-16550 · Unknown · Codezips Hospital Appointment System
Name of the Vulnerable Software and Affected Versions: Codezips Hospital Appointment System version 1.0 Description: A critical issue has been found in the system, affecting some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The...
CVE-2024-10449
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...
CVE-2024-6830
A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument orderid leads to sql injection. It is possible to launch t...
CVE-2024-3146
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtmlrssaction.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...
CVE-2024-3145
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtmljsaction.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...
PT-2024-24091 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic issue has been found in DedeCMS, affecting an unknown part of the file /src/dede/makehtml rss action.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit...
CVE-2024-2351
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument catid/brandid/keyword leads to sql injection. The attack can be launched...