412 matches found
CVE-2025-10840
CVE-2025-10840 affects SourceCodester Pet Grooming Management Software 1.0. The vulnerability is a SQL injection in the file /admin/print-payment.php via manipulation of the sql111 argument, enabling remote exploitation. Public exploits exist. Multiple sources report impact across confidentiality...
CVE-2025-10839 SourceCodester Pet Grooming Management Software inv-print.php sql injection
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-10826
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate results in sql injection. The attack can be launche...
CVE-2025-10806 Campcodes Online Beauty Parlor Management System bwdates-reports-details.php sql injection
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploi...
CampCodes Online Beauty Parlor Management System SQL注入漏洞
CampCodes Online Beauty Parlor Management System is an online beauty parlor management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Beauty Parlor Management System version 1.0, which stems from an incorrect manipulation of the parameter editid i...
CVE-2009-20006
The CVE-2009-20006 issue affects osCommerce
PT-2025-38002
Name of the Vulnerable Software and Affected Versions: osCommerce versions up to and including 2.2 RC2a Description: osCommerce versions up to and including 2.2 RC2a contain a flaw in the administrative file manager utility admin/file manager.php. The interface lacks sufficient input validation a...
CVE-2025-10430
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/barcode.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and ma...
CVE-2025-10403
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclose...
CVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10116 SiempreCMS file_upload.php unrestricted upload
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/fileupload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-10033
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2025-10025
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-10025 PHPGurukul Online Course Registration semester.php sql injection
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-9919
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploi...
Apartment Management System /admin.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...
CVE-2025-9919
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploi...
PT-2025-35794
Name of the Vulnerable Software and Affected Versions: 1000projects Beauty Parlour Management System version 1.0 Description: A SQL injection issue exists in 1000projects Beauty Parlour Management System version 1.0. The vulnerability is located in the /admin/bwdates-reports-details.php file...
CVE-2025-9830
CVE-2025-9830 affects PHPGurukul Beauty Parlour Management System 1.1. The vulnerability is a SQL injection in the file /admin/add-customer-services.php, triggered by manipulating the sids[] parameter. It is exploitable remotely and publicly available exploits exist. Reported by multiple sources ...