GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

CVE-2026-4485

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

EUVD-2024-55492

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

PT-2026-27142

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVE-2024-51226

A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

PHPGurukul Vehicle Record Management System 安全漏洞

PHPGurukul Vehicle Record Management System is a vehicle record management system developed by PHPGurukul Corporation. Version 1.0 of the Phpgurukul Vehicle Record Management System contains a security vulnerability. This vulnerability arises from improper cleaning of the Search parameter input i...

CVE-2024-51226

Phpgurukul Vehicle Record Management System v1.0 contains a stored XSS in /admin/search-vehicle.php where an attacker can inject a crafted payload via the Search parameter to execute arbitrary web scripts/HTML. The issue is triggered by unsafely handling input in that parameter, leading to script...

EUVD-2026-13700

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

PT-2026-26618

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

EUVD-2026-10243

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740 itsourcecode University Management System admin_search_student.php sql injection

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsearchstudent.php. This manipulation of the argument adminsearchstudent causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-3740

The CVE-2026-3740 entry concerns itsourcecode University Management System 1.0. A SQL injection flaw is triggered in the /admin_search_student.php path via manipulation of the admin_search_student argument, reported as exploitable remotely. Multiple sources (Red Hat, EUVD, NVD, CVE records, and P...