129 matches found
PT-2025-34732
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A SQL injection issue exists due to the manipulation of the batch id argument in the processing of the /admin/controller/delete group student.php fil...
CVE-2025-45315
A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter...
CVE-2025-45315
CVE-2025-45315 describes an XSS vulnerability in hortusfox-web v4.4 via the /controller/admin.php endpoint, exploitable by injecting a crafted payload into the email parameter to execute JavaScript in a user’s browser. The underlying cause is misuse/insufficient sanitization of the email input, e...
pybbs Security Vulnerability
pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...
Roothub Code Injection Vulnerability
Roothub is a forum system developed using SSM and MySQL. A code injection vulnerability exists in Roothub 2.6 and earlier versions, which originates from cross-site scripting due to function Edit in file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java...
FoxCMS Injection Vulnerability
FoxCMS is a free, commercial, open source content management system from China's Qianxu FoxCMS. An injection vulnerability exists in FoxCMS 1.2.5 and earlier versions; it stems from improper handling of the ids parameter in the file app/admin/controller/Video.php, which leads to SQL injection...
bicycleSharingServer Injection Vulnerability
bicycleSharingServer is a bicycle sharing JavaWEB backend for huija individual developers in China. An injection vulnerability exists in bicycleSharingServer version 1.0, which originates from a mishandling of the selectAdminByNameLike function in the AdminController.java file, which could lead t...
bicycleSharingServer Injection Vulnerability
bicycleSharingServer is a bicycle sharing JavaWEB backend for huija individual developers in China. An injection vulnerability exists in bicycleSharingServer, which stems from improper manipulation of the Title parameter in the searchAdminMessageShow function in the AdminController.java file, whi...
CVE-2024-36691
Insecure permissions in the AdminController.AjaxSave method of PPGoJobs v2.8.0 allow authenticated attackers to arbitrarily modify users' account information...
CVE-2019-5310
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...
CVE-2016-10755
AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...
CVE-2025-29391
CVE-2025-29391 – horvey Library-Manager v1.0 is affected by a SQL Injection in Admin/Controller/BookController.class.php. The vulnerability stems from improper handling of input in the BookController, enabling attacker-controlled SQL execution. The CVSS v3.1 base score is 7.2 (HIGH) with network ...
PublicCMS Code Issue Vulnerability
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS China. A security vulnerability exists in PublicCMS version v4.0.202406, which originates from the /cms/CmsWebFileAdminController.java component that allows the upload of specially crafted svg or xml...
CVE-2024-13197
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be...
HouseRent Security Vulnerability
HouseRent is a house rental management system by Mr.W individual developer. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in HouseRent version 1.0, which stems from unknown functionality in the file src/main/java/com/house/wym/controller/AdminController.java tha...
PT-2025-2067 · Unknown · Singmr Houserent
Name of the Vulnerable Software and Affected Versions: SingMR HouseRent version 1.0 Description: A critical issue has been found, affecting some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. This leads to improper access controls, and the attack ca...
Arbitrary File Upload
Overview: alexstack/laravel-cms is a Simple Bootstrap Laravel CMS. Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation: There is no fixed version for...
CVE-2024-50801
CVE-2024-50801 and CVE-2024-50802 describe SQL Injection in AbanteCart 1.4.0 via the update() function. For CVE-2024-50801, the vulnerability is in public_html/admin/controller/responses/listing_grid/collections.php (id parameter). For CVE-2024-50802, it is in public_html/admin/controller/respons...
CVE-2024-8694
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...
PHPGurukul Job Portal SQL Injection Vulnerability
PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A SQL injection vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the CATEGORY parameter in /jobportal/admin/category/controller.php...