411 matches found
CVE-2021-3264
SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php...
CVE-2020-11585
There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager other than ones contained in a secure folder by sending themselves a message...
CVE-2020-10424
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload...
CVE-2017-15733
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php...
CVE-2017-20077
A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/successstory.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to th...
Zoo Management System /admin/edit-animal-details.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aname in the file /admin/edit-animal-details.php. An attacker can exploit this...
CVE-2025-4915 PHPGurukul Auto Taxi Stand Management System auto-taxi-entry-detail.php sql injection
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price leads to sql injection. The attack can be initiated...
PHPGurukul Apartment Visitors Management System Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability, which originates from improper manipulation of the parameters fromdate/todate in the file /admin/bwdates-passreports-details.php. An...
CVE-2025-4469 SourceCodester Online Student Clearance System add-admin.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is...
SourceCodester Online Student Clearance System Injection Vulnerability
SourceCodester Online Student Clearance System is an open source online student management system from SourceCodester. SourceCodester Online Student Clearance System version 1.0 has an injection vulnerability. The vulnerability stems from the parameter txtfullname/txtemail/cmddesignation operation in t...
SLiMS 9 Bulian Security Vulnerability
SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management (e.g. books, journals, digital files and other library materials) and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which originates...
Online Nurse Hiring System view-request.php File SQL Injection Vulnerability
Online Nurse Hiring System is an online nurse hiring system. Online Nurse Hiring System suffers from a SQL injection vulnerability that originates from the lack of validation of the viewid parameter in the file /admin/view-request.php against an externally-entered SQL statement. An attacker can u...
Art Gallery Management System manage-art-medium.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter artmed in the file /admin/manage-art-medium.php. An attacke...
CVE-2025-4307
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation of the argument artmed leads to sql injection. It is possible to launch the attack remotely. The...
SourceCodester Web-based Pharmacy Product Management System Code Injection Vulnerability
SourceCodester Web-based Pharmacy Product Management System is an open source Web-based pharmacy product management system from SourceCodester. A code injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System, which results from incorrect...
CVE-2025-3571 Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection
A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely...
CVE-2025-29389
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2tab=t2...
PT-2025-15110 · Unknown · Codeprojects Online Restaurant Management System
Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical vulnerability has been found in the codeprojects Online Restaurant Management System. The issue affects an unknown functionality of the file /admin/combo...
CVE-2025-3244
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add-admin.php of the component Create User Page. The manipulation of the argument Avatar leads to...
CVE-2025-2665
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate th...