CVE-2025-70891

A stored cross-site scripting XSS vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated...

CVE-2025-70890

A stored cross-site scripting XSS vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the...

CVE-2025-70890

The CVE-2025-70890 entry describes a stored XSS in Cyber Cafe Management System v1.0, via the username parameter of add-users.php. An authenticated attacker can inject JavaScript that is stored and executed when the affected page is viewed. The CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

Phpgurukul Cyber Cafe Management System 安全漏洞

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input, no details of the vulnerability are available at...

PHPGurukul Cyber Cafe Management System 安全漏洞

Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the username parameter of the add-users.php endpoint not adequately handling the input, no details of the vulnerability are available at...

PHPGurukul Cyber Cafe Management System 安全漏洞

Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the uadd parameter of the add-users.php endpoint not being sufficiently cleaned up or coded for user input, and for which no detailed...

CVE-2025-70892

CVE-2025-70892 affects Phpgurukul Cyber Cafe Management System v1.0. A SQL Injection flaw exists in the user management module via the add-users.php endpoint, specifically in the username parameter where input is not properly validated. This vulnerability is described across multiple sources (NVD...

CVE-2025-70891

CVE-2025-70891 is a stored XSS vulnerability in Phpgurukul Cyber Cafe Management System v1.0, affecting the add-users.php endpoint’s uadd parameter. The issue arises from insufficient sanitization/encoding of user input, allowing an authenticated attacker to persistently store arbitrary JavaScrip...

CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account including administrator via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights...

Code-Projects Refugee Food Management System SQL注入漏洞

Refugee Food Management System is a refugee food management system. Refugee Food Management System suffers from a SQL injection vulnerability that stems from the incorrect manipulation of parameter a in the file /home/addusers.php, no details of the vulnerability are available at this time...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2025-60645

A Cross-Site Request Forgery CSRF in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request...

CVE-2025-60645

A Cross-Site Request Forgery CSRF in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request...

CVE-2025-56009

Cross site request forgery CSRF vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...

EUVD-2021-19018

Malware in sbrugna...

EUVD-2005-0306

Malware in sbrugna...

CVE-2025-56274

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged such as admin sessions and perform sensitive operations such as adding new users...

Malicious code in add-users (npm)

The package add-users was found to contain malicious code...

MAL-2025-14071 Malicious code in add-users (npm)

The package add-users was found to contain malicious code...