158 matches found
CVE-2024-33303
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users...
CVE-2024-33302
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users...
CVE-2024-33304
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users...
CVE-2021-32160
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature...
CVE-2020-25472
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users...
Cyber Cafe Management System add-users.php File SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uadd in the file /add-users.php. An attacker can exploit th...
CVE-2025-4695
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to SQL injection. It is possible to launch the attack remotely. The explo...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
PT-2025-12890 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.3.4 on the stable branch and prior to 3.4.0.beta5 on the beta branch Description: The issue affects an open-source discussion platform, where a race condition allows someone about to reach the user limit in a gro...
VulnCheck KEV: CVE-2022-23227
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...
Mars: unauthorized access and add user and change personal information all users
The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allowed attackers to add new users and modify personal information of existing users. The vulnerability was classified as Improper Access Control. The issue stemmed from the absence of...
CVE-2024-6216
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file add-users.php. The manipulation of the argument contact leads to SQL injection. It is possible to launch the attack remotely. The exploit has be...
Food Ordering Management System SQL Injection Vulnerability
Food Ordering Management System is a food ordering management system by Carlo Montero, an individual developer. It provides an online platform to order food from a restaurant or fast food chain. A SQL injection vulnerability exists in Food Ordering Management System version 1.0, which stems from...
PT-2024-37458 · Unknown · Sourcecodester Food Ordering Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Food Ordering Management System. The issue is related to an unknown function of the file add-users.php, wher...
DEBIAN-CVE-2024-36399
Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in the addUser function of app/Controller/ProjectPermissionController.php. The user's permission to add users to a project is only checked against the URL parameter projectid. If the user is authorized to add users to...