Lucene search
+L

38 matches found

ptsecurity
ptsecurity
added 2026/02/22 12:0 a.m.7 views

PT-2026-21433

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat id parameters to add-item.php to execu...

8.8CVSS6.3AI score0.00232EPSS
Exploits0References3
osv
osv
added 2025/05/10 5:15 p.m.7 views

CVE-2025-4507

A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.8AI score0.00432EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/05/10 12:0 a.m.5 views

CampCodes Online Food Ordering System 注入漏洞

CampCodes Online Food Ordering System is an online food ordering system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Online Food Ordering System, which originates from a SQL injection due to incorrect manipulation of the parameter price in the file...

9.8CVSS7.7AI score0.00432EPSS
Exploits1References6
osv
osv
added 2025/04/29 4:15 p.m.5 views

CVE-2025-4069

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function additem. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The explo...

7.8CVSS5.7AI score0.00288EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/04/29 3:31 p.m.9 views

CVE-2025-4069 code-projects Product Management System add_item stack-based overflow

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function additem. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The explo...

5.3CVSS5.4AI score0.00288EPSS
Exploits1References5
osv
osv
added 2025/04/29 1:15 p.m.6 views

CVE-2025-4061

A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function additem. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has bee...

7.8CVSS5.8AI score0.00286EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/04/29 12:0 a.m.7 views

Code-Projects Clothing Store Management System 安全漏洞

Code-Projects Clothing Store Management System is Code-Projects open source a clothing store management system . A security vulnerability exists in Code-Projects Clothing Store Management System version 1.0, which stems from a mishandling of the additem function with the parameter st.productname,...

7.8CVSS5.8AI score0.00286EPSS
Exploits1References5
cnnvd
cnnvd
added 2025/04/29 12:0 a.m.6 views

Code-Projects Product Management System 安全漏洞

Code-Projects Product Management System is an open source product management system from Code-Projects. A security vulnerability exists in Code-Projects Product Management System version 1.0, which stems from an improper operation of the additem function on the parameter st.productname, which cou...

7.8CVSS5.8AI score0.00288EPSS
Exploits1References5
osv
osv
added 2024/06/21 1:16 a.m.4 views

CVE-2024-6214

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file add-item.php. The manipulation of the argument price leads to sql injection. The attack can be initiated remotely. The exploit has...

8.8CVSS5.8AI score0.00532EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/06/20 12:0 a.m.10 views

PT-2024-37456 · Unknown · Sourcecodester Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A critical issue has been found in the SourceCodester Food Ordering Management System. The problem affects the file add-item.php, where the manipulation of the price...

8.8CVSS8.1AI score0.00532EPSS
Exploits1References10
osv
osv
added 2023/11/02 2:15 p.m.3 views

CVE-2023-45323

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.007EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/11/02 12:0 a.m.5 views

PT-2023-29498 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The name parameter of the "routers/add-item.php" resource does not validate the characters received and they are...

9.8CVSS9.8AI score0.007EPSS
Exploits1References7
cnnvd
cnnvd
added 2023/11/02 12:0 a.m.5 views

Online Food Ordering System SQL Injection Vulnerability

Online Food Ordering System is an online food ordering system by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Online Food Ordering System v1.0, which is caused by insufficient filtering of the name parameter on the routers/add-item.php page...

9.8CVSS8AI score0.007EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/11/02 12:0 a.m.8 views

PT-2023-29499 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The price parameter of the "routers/add-item.php" resource is vulnerable. This could potentially allow unauthorize...

7.4AI score
Exploits0References5
osv
osv
added 2023/05/14 9:15 a.m.4 views

CVE-2023-2691

A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/additem.php of the component POST Parameter Handler. The manipulation of the argument itemname leads to cross site scripting...

5.4CVSS4AI score0.00636EPSS
Exploits1References3
cnnvd
cnnvd
added 2023/05/14 12:0 a.m.5 views

SourceCodester Personnel Property Equipment System 跨站脚本漏洞

Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo personal developer. A cross-site scripting vulnerability exists in Personnel Property Equipment System v1.0, which stems from the lack of effective filtering and escaping of user-supplie...

5.4CVSS6AI score0.00636EPSS
Exploits1References5
prion
prion
added 2008/01/17 2:0 a.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the 1 Core or 2 add-item modules; or via 3 HTTP PROPPATCH in the WebDAV module...

4.3CVSS5.8AI score0.01951EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2008/01/17 2:0 a.m.4 views

CVE-2007-6687

Multiple cross-site scripting XSS vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the 1 Core or 2 add-item modules; or via 3 HTTP PROPPATCH in the WebDAV module...

4.3CVSS5.4AI score0.01951EPSS
Exploits0References8
Rows per page
Query Builder