40 matches found
CVE-2025-11508
Voting System 1.0 contains a vulnerability in /admin/voters_add.php where manipulating the photo argument enables unrestricted file uploads. The issue is remotely exploitable and has publicly disclosed exploit information. No patch/version remediation details are provided in the supplied document...
CVE-2025-11417
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...
CVE-2025-7469
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/productadd.php. The manipulation of the argument prodname leads to sql injection. The attack may be initiated remotely. The exploit has...
CampCodes Sales and Inventory System 注入漏洞
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from an improper handling of the parameter Category in the file /pages/catadd.php resulting in SQL injection...
SourceCodester Online Student Clearance System 代码注入漏洞
SourceCodester Online Student Clearance System is a SourceCodester open source online student management system. A code injection vulnerability exists in SourceCodester Online Student Clearance System version 1.0, which originates from cross-site scripting due to a parameter Username operation in...
CVE-2024-35375
There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS...
CVE-2024-12181
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploadsadd.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be...
PT-2024-17473 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown functionality of the file /member/uploads add.php of the component SWF File Handler. The manipulation of the mediatype argument leads ...
PT-2024-39846 · Unknown · Sourcecodester Profile Registration Without Reload Refresh
Name of the Vulnerable Software and Affected Versions: SourceCodester Profile Registration without Reload Refresh version 1.0 Description: A vulnerability has been found in the system, marked as problematic. The issue affects an unknown functionality of the file add.php. The manipulation of the...
PT-2024-39426 · Sourcecodester · Sourcecodester Profile Registration Without Reload Refresh
Name of the Vulnerable Software and Affected Versions: SourceCodester Profile Registration without Reload Refresh version 1.0 Description: A problem was found in the Registration Form component of the file add.php, which can lead to cross site scripting when the full name argument is manipulated...
SourceCodester Home Clean Service System 代码问题漏洞
Home Clean Service System is a system for providing home cleaning services by Carlo Montero, an individual developer. A code issue vulnerability exists in SourceCodester Home Clean Service System version 1.0, which stems from a file upload vulnerability in the file adminstudent.add.php...
PT-2024-18336 · Unknown · Code-Projects Crime Reporting System
Name of the Vulnerable Software and Affected Versions: code-projects Crime Reporting System version 1.0 Description: A critical issue affects the processing of the file police add.php. The manipulation of the arguments police name, police id, police spec, or password leads to SQL injection. The...
CVE-2023-5301
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file albumadd.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed t...
PT-2023-32021 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.111 Description: A critical vulnerability was found in DedeCMS, affecting the AddMyAddon function of the album add.php file. The manipulation of the albumUploadFiles argument leads to os command injection. The attack can b...
CVE-2023-4872
A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The explo...
PT-2023-30893 · Sourcecodester · Sourcecodester Contact Manager App
Name of the Vulnerable Software and Affected Versions: SourceCodester Contact Manager App version 1.0 Description: A vulnerability was found in the SourceCodester Contact Manager App, affecting an unknown functionality of the file add.php. This issue leads to cross-site request forgery and can be...
CVE-2020-19113
Arbitrary File Upload vulnerability in Online Book Store v1.0 in adminadd.php, which may lead to remote code execution...
CVE-2017-17730
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flinkadd.php...
SQL injection vulnerability in program\form\receive\data_add.php page of Dreamline Monxin enterprise station builder system
Monxin Enterprise Station Building System is a self-service station building system based on PHP language development. A SQL injection vulnerability exists in the program\form\receive\dataadd.php page of the Monxin Enterprise Station Building System. The vulnerability is due to the system failing...
PT-2006-7072 · Midicart · Midicart
Name of the Vulnerable Software and Affected Versions: Midicart affected versions not specified Description: The issue concerns an unrestricted file upload vulnerability. It allows remote authenticated users to upload arbitrary files, possibly including .php files, to the images/ directory under...