22 matches found
CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
CVE-2026-2211
A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly...
CVE-2026-2132 code-projects Online Music Site AdminUpdateCategory.php SQL injection
A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in SQL injection. The attack can be executed remotely. The exploit has bee...
CVE-2026-2114
A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/editadmin.php. The manipulation of the argument adminid results in SQL injection. The attack may be performed remotely. The exploit is now public and may be us...
CVE-2026-0852
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
PT-2026-1356
Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0 Description: A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in the file /Administrator/PHP/AdminViewSongs.php. Manipulating the ID argument ca...
CVE-2025-42883
Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...
Online Bidding System weweee.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from insufficient validation of the parameter ID in the file /administrator/weweee.php. An attacker can use this vulnerability to obtain sensitive information from t...
PT-2025-39121
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A security issue exists in code-projects Online Bidding System 1.0. Manipulation of the ID argument in the file '/administrator/weweee.php' can lead to SQL injection. The attack can b...
Code-Projects Online Bidding System SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /administrator/wew.php. An attacker can exploit this vulnerability to...
PT-2025-32548 · Unknown · Eblog Site
Name of the Vulnerable Software and Affected Versions: eBlog Site version 1.0 Description: A vulnerability exists in the File Upload Module of eBlog Site 1.0, specifically within the /native/admin/save-slider.php file. This allows for unrestricted file uploads, and the attack can be launched...
Online Bidding System Administrator File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator. An attacker can exploit this vulnerability to...
CVE-2025-6471
A vulnerability classified as critical was found in code-projects Online Bidding System 1.0. Affected by this vulnerability is an unknown functionality of the file /administrator. The manipulation of the argument aduser leads to SQL injection. The attack can be launched remotely. The exploit has...
CVE-2025-6316 code-projects Online Shoe Store admin_running.php SQL injection
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to SQL injection. The attack may be launched remotely. The exploit...
CVE-2023-35081
A path traversal vulnerability in Ivanti EPMM versions 11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance...
PT-2025-21625 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A critical vulnerability has been found in the PHPGurukul Complaint Management System, affecting unknown code of the file /admin/admin-profile.php. The manipulation of the...
PT-2023-16783 · Sourcecodester · Sourcecodester Electronic Medical Records System
Name of the Vulnerable Software and Affected Versions: SourceCodester Electronic Medical Records System version 1.0 Description: A critical issue has been found in the Cookie Handler component of the SourceCodester Electronic Medical Records System, specifically in the file administrator.php. The...
CVE-2021-31906
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file...
CVE-2020-9681
Adobe Genuine Service version 6.6 and earlier is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction...