50 matches found

Nuclei
added yesterday, 11 views

WordPress Restrict User Access <= 2.5 - Cross-Site Scripting

WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...

7.1 CVSS, 7.3 AI score, 0.00622 EPSS
Exploits 0, References 3

NVD
added 2026/03/23 10:16 p.m., 4 views

CVE-2026-4612

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

7.5 CVSS, 0.00254 EPSS
Exploits 0, References 5

Cvelist
added 2026/03/23 9:57 p.m., 31 views

CVE-2026-4612 itsourcecode Free Hotel Reservation System Parameter index.php sql injection

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

7.5 CVSS, 0.00254 EPSS
Exploits 0, References 5

CVE
added 2026/03/23 9:57 p.m., 15 views

CVE-2026-4612

The CVE-2026-4612 entry concerns itsourcecode Free Hotel Reservation System 1.0. The vulnerability resides in the Parameter Handler component, specifically in /hotel/admin/mod_users/index.php?view=edit&id=8, where manipulation of the account_id argument allows SQL injection. Remote exploitation i...

7.5 CVSS, 6.7 AI score, 0.00254 EPSS
Exploits 0, References 5

EUVD
added 2026/03/12 6:30 p.m., 2 views

EUVD-2019-19811

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, References 5

NVD
added 2026/03/12 4:16 p.m., 3 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1 CVSS, 0.00284 EPSS
Exploits 0, References 4

CVE
added 2026/03/12 3:37 p.m., 6 views

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...

7.1 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-24989

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, References 5

EUVD
added 2026/02/27 6:31 p.m., 4 views

EUVD-2019-19716

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

8.8 CVSS, 6 AI score, 0.00321 EPSS
Exploits 1, References 4

Vulnrichment
added 2026/02/27 5:23 p.m., 6 views

CVE-2019-25490 Homey BNB V4 SQL Injection via admin edit.php

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

8.8 CVSS, 6 AI score, 0.00321 EPSS
Exploits 1, References 3

CVE
added 2026/02/27 5:23 p.m., 12 views

CVE-2019-25490

Homey BNB V4 contains an unauthenticated SQL injection vulnerability in admin/edit.php, exploitable via the id parameter. Time-based payloads can manipulate queries to extract sensitive database information. The description notes high impact on confidentiality and low impact on integrity, with no...

8.8 CVSS, 6 AI score, 0.00321 EPSS
Exploits 1, References 3, Affected Software 1

CNNVD
added 2026/02/23 12:0 a.m., 4 views

07FLYCMS and 07FlyCRM Code Injection Vulnerability

07FLYCMS is a free and open-source content management system developed by 07FLY Company in China. 07Fly and 07FLYCRM are customer relationship management systems created by 07FLY Company. 07FLYCMS and 07FlyCRM versions 1.2.9 and earlier have a code injection vulnerability. This vulnerability stem...

4.8 CVSS, 5.7 AI score, 0.00202 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/02/23 12:0 a.m., 4 views

PT-2026-21535

Name of the Vulnerable Software and Affected Versions: Society Management System Portal version 1.0. Description: A stored Cross-Site Scripting (XSS) issue exists in the /admin/edit user.php page. This allows remote attackers to inject and store arbitrary JavaScript code, which is then executed in...

6.1 CVSS, 5.7 AI score, 0.00248 EPSS
Exploits 1, References 4

Github Security Blog
added 2026/01/26 11:34 p.m., 9 views

Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Summary: 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...

6 AI score
Exploits 0, References 5, Affected Software 1

Positive Technologies
added 2025/10/08 12:0 a.m., 6 views

PT-2025-41210

Name of the Vulnerable Software and Affected Versions: code-projects Voting System version 1.0. Description: A flaw exists in code-projects Voting System 1.0, specifically within an unknown function of the /admin/candidates edit.php file. Manipulation of the Firstname, Lastname, and Platform argumen...

5.4 CVSS, 3.4 AI score, 0.0028 EPSS
Exploits 1, References 10

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-16717

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00865 EPSS
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-30804

Malicious code in bioql PyPI...

8.8 CVSS, 6.6 AI score, 0.00351 EPSS
Exploits 1, References 7

Positive Technologies
added 2025/10/03 12:0 a.m., 3 views

PT-2025-40537

Name of the Vulnerable Software and Affected Versions: nopCommerce version 4.40.3. Description: The software contains a flaw that allows for cross-site scripting (XSS) in the Product Name field within the '/Admin/Product/Edit/id' API endpoint. When a user views a product in the shop, the XSS payload i...

6.1 CVSS, 5.6 AI score, 0.00263 EPSS
Exploits 1, References 7

RedhatCVE
added 2025/09/29 7:41 a.m., 3 views

CVE-2025-11101

A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/company/index.php?view=edit. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has bee...

7.5 CVSS, 7 AI score, 0.00376 EPSS
Exploits 1, References 1

OSV
added 2025/09/28 1:15 a.m., 1 views

CVE-2025-11090

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

8.8 CVSS, 5.8 AI score
Exploits 0, References 6