EUVD-2026-34856
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...
SourceCodester Water Billing Management System SQL Injection Vulnerability
The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect parameter handling in...
EUVD-2025-209447
In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter...
EUVD-2026-10141
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...
code-projects Exam Form Submission Security Vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/deletes7.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
CVE-2025-6885
A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely...
CVE-2025-5179
A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to...
SourceCodester Doctors Appointment System Injection Vulnerability
SourceCodester Doctors Appointment System is an open-source doctor appointment system from SourceCodester. An injection vulnerability exists in SourceCodester Doctors Appointment System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...
CVE-2024-11493
A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2024-50842
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/schoolyear.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the schoolyear parameter...
PT-2024-16305 · Unknown · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms versions up to 2.0.1
Description: A problematic issue was found in the Permission Management Page component, affecting the /adminpermissions file. This leads to cross-site scripting, which can be initiated remotely. The iss...
PT-2024-25306 · Sourcecodester · Sourcecodester Aplaya Beach Resort Online Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Aplaya Beach Resort Online Reservation System version 1.0
Description: A critical issue has been found, affecting an unknown function of the file admin/mod users/index.php. The manipulation of the id argument leads to SQL...
Purchase Order Management System Code Issue Vulnerability
Purchase Order Management System is a purchase order management system by Carlo Montero Personal Developer. A code issue vulnerability exists in Purchase Order Management System v1.0: /purchaseorder/admin/?page=systeminfo contains a file upload vulnerability...
CVE-2022-43179
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manageuser&id=...
CVE-2022-29683
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/pagedel...
Money Transfer Management System SQL Injection Vulnerability
Money Transfer Management System is a money transfer management system. Money Transfer Management System 1.0 suffers from a SQL injection vulnerability that originates from a SQL injection point in the /mtms/admin/?page=user/manageuser&id= path in the Insurance Management System system, which can...
CVE-2022-28411
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manageagent...
EC Cloud E-Commerce System Cross-Site Request Forgery Vulnerability
Amazon Web Services Ec Cloud E-Commerce System is a cloud-based e-commerce system from Amazon Web Services, Inc. A security vulnerability exists in EC Cloud E-Commerce System version 1.3, which allows an attacker to arbitrarily add an administrator account via "/admin.html?do=user&act=add"...
CVE-2018-18259
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...
Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-08254)
Monstra CMS is a lightweight PHP-based content management system (CMS) developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, and is scalable. A cross-site scripting vulnerability exists in Monstra CMS version 3.0.4. A remote attacker can exploit the...