CVE-2019-25738

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

CVE-2026-7268 SourceCodester Pizzafy Ecommerce System ajax.php save_category sql injection

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function savecategory of the file /admin/ajax.php?action=savecategory. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-7194

Affected software: SourceCodester Pharmacy Sales and Inventory System 1.0. Vulnerability location: the file /ajax.php?action=save_product. Vulnerability type / root cause: manipulation of the argument ID leads to a SQL injection vulnerability. Impact / exploitation: attack can be carried out remo...

CVE-2026-7128 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savetype. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has...

CVE-2026-7088

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_receiving triggered by manipulating the ID parameter. The flaw is exploitable remotely and the exploit is publicly available. No remediation details are provided in the documents.

CVE-2026-7087

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection in /ajax.php?action=save_sales via manipulation of the ID parameter. The flaw is triggered remotely, allowing an attacker to influence the database query. The exploit is public and may be used for attacks. The descrip...

PT-2026-29324

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the save loan action. The application fails to properly sanitize user input supplied to the "borrower id" parameter in a POST request, allowing ...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

PT-2026-28146

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

CVE-2026-2023

The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajaxsavecustomplugin function, which is disabled by prefixing the check with 'false &&'. This makes it possible for...

WordPress plugin WP Plugin Info Card 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-13345

A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-13346

A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=savestation. Performing manipulation of the argument id/station results in sql injection. The attack may be initiated remotely. The exploit is now public an...

CVE-2025-13347

The CVE-2025-13347 affects SourceCodester Train Station Ticketing System 1.0. The vulnerability resides in the /ajax.php?action=save_user path where manipulating the Username parameter can trigger a SQL injection. Attacks can be launched remotely and exploits have been published, with multiple so...

CVE-2025-13286

CVE-2025-13286 affects itsourcecode Online Voting System 1.0. The vulnerability is an SQL injection in the parameter ID of the file "/ajax.php?action=save_user" caused by inadequate input validation. Remote exploitation is possible and exploit code has been publicly released. Connected sources id...

CVE-2025-13286 itsourcecode Online Voting System ajax.php sql injection

A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=saveuser. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2025-13270 Campcodes School Fees Payment Management System ajax.php sql injection

A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=savecourse. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could...