CVE-2025-11509 code-projects E-Commerce Website product_add.php sql injection
A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used...
CVE-2025-11509
Code-projects E-Commerce Website 1.0 is affected by a SQL injection in the prod_name parameter of /pages/product_add.php. Connected sources (CNVD-2025-23964, RH-CVE-2025-11509, CNNVD-202510-1110, PT-2025-41317, etc.) describe exploitation remotely and publicly available exploit code, indicating t...
CVE-2025-11508
Voting System 1.0 contains a vulnerability in /admin/voters_add.php where manipulating the photo argument enables unrestricted file uploads. The issue is remotely exploitable and has publicly disclosed exploit information. No patch/version remediation details are provided in the supplied document...
CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload
A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...
CVE-2025-11410
A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to SQL injection. The attack can be executed remotely. The exploit has been published and m...
CVE-2025-11485
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross-site scripting. The attack can be initiated remotely...
EUVD-2025-33292
A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross-site scripting. The attack can be initiated remotely...
CVE-2025-11485
CVE-2025-11485 affects SourceCodester Student Grades Management System 1.0, specifically the add_user function in /admin.php within the Manage Users Page. The vulnerability arises from manipulating the first_name/last_name parameters, enabling cross-site scripting (XSS). The issue can be exploite...
Melis Platform CMS Unauthenticated Admin Account Creation
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'...
CVE-2025-10352
The CVE-2025-10352 entry details an unauthenticated vulnerability in Melis Platform’s melis-core, allowing an attacker to create an administrator account via /melis/MelisCore/ToolUser/addNewUser. Affected: Melis Platform melis-core module; impact is unauthorized admin creation with potential full...
CVE-2025-11347
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...
CVE-2025-11417
A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/votersadd.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has be...
Linux Distros Unpatched Vulnerability : CVE-2022-50550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-iolatency: Fix memory leak on add_disk failures When a gendisk is successfully initialized but add_disk fails such as when a loop device has invalid number of...
Melis Platform Security Vulnerability
Melis Platform is an open source cross-framework digital platform from Melis Platform Open Source. A security vulnerability exists in Melis Platform, which originates in the melis-core module and allows an unauthenticated attacker to create an administrator account by requesting...
Code-Projects E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplieradd.php. An attacker can exploit this vulnerability to...
CVE-2025-60299
Novel-Plus 5.2.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...
PT-2025-41317
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0. Description: A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the prod_name argument in the file '/pages/product_add.php' can lead to SQL injection. This issue may be exploited...