411 matches found
CVE-2025-8852 WuKongOpenSource WukongCRM API Response upload information exposure
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-8852
WuKongOpenSource WukongCRM 11.0 is affected by CVE-2025-8852 in the API Response Handler’s /adminFile/upload area. The vulnerability enables information exposure via error messages and supports remote initiation. Publicly disclosed exploit information exists (POC), with multiple sources confirmin...
PT-2025-32547 · Wukongopensource · Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 11.0 Description: A vulnerability exists in WuKongOpenSource WukongCRM 11.0, specifically within an unknown part of the /adminFile/upload file of the API Response Handler component. This allows for informati...
CVE-2025-8247
A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Projectworlds Online Admission System Injection Vulnerability
Projectworlds Online Admission System is an online admission system from Projectworlds India. An injection vulnerability exists in Projectworlds Online Admission System version 1.0, which stems from an incorrect operation of the parameter markof in the file /admin.php resulting in SQL injection...
Online Appointment Booking System deletedoctorclinic.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/deletedoctorclinic.ph...
Church Donation System /login_admin.php File SQL Injection Vulnerability
The Church Donation System is a church donation management system. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter Username in the file /members/loginadmin.php. An attacker can exploit this...
PHPGurukul User Registration & Login and User Management System Injection Vulnerability
PHPGurukul User Registration & Login and User Management System is a user registration & login and user management system from PHPGurukul Inc. An injection vulnerability exists in version 3.3 of the PHPGurukul User Registration & Login and User Management System, which originates from a SQL...
Online Library Management System /admin/student-history.php File SQL Injection Vulnerability
Online Library Management System is an online library management system. A SQL injection vulnerability exists in Online Library Management System, which originates from the lack of validation of externally-entered SQL statements in the parameter stdid in the file /admin/student-history.php. An...
Mobile Shop LoginAsAdmin.php File SQL Injection Vulnerability
Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /LoginAsAdmin.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...
Vehicle Parking Management System view-outgoingvehicle-detail.php file SQL Injection Vulnerability
Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid in file /admin/view-outgoingvehicle-detail.php...
The Scratch Channel Security Vulnerability
The Scratch Channel is the project website of the open-source The Scratch Channel project. A security vulnerability exists in The Scratch Channel, which stems from a code issue in the api/admin.js file that could lead to a cross-site scripting attack...
CVE-2025-7559
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack...
CVE-2025-7136
A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/viewvacancy.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The...
Car Rental System message_admin.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the messageadmin.php file's parameter Message. An attacker can use this vulnerability to execute illegal SQL commands...
Code-Projects Food Distributor Site Code Injection Vulnerability
Code-Projects Food Distributor Site is a Code-Projects open source food distributor site. A code injection vulnerability exists in Code-Projects Food Distributor Site version 1.0, which originates from cross-site scripting due to incorrect operation of the parameters sitephone/siteemail/address i...
CVE-2025-6579
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /messageadmin.php. The manipulation of the argument Message leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-6411
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/changepropic.php. The manipulation of the argument imageid leads to sql injection. The attack can be launched...
PHPGurukul Art Gallery Management System Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-art-medium-detail.php. A...
CVE-2025-6342 code-projects Online Shoe Store admin_football.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/adminfootball.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit...