34 matches found
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Manipulation of the argument loginid results in SQL injection. The attack may be initiated remotely. The exploit...
Sports Club Management System in php SQL Injection Vulnerability
Sports Club Management System in php is a sports club management system by Darkseid Personal Developer. A SQL injection vulnerability exists in Sports Club Management System in php version 1.0, which stems from an incorrect manipulation of the parameter loginid in the file...
PT-2025-47540
Name of the Vulnerable Software and Affected Versions: freeprojectscodes Sports Club Management System version 1.0. Description: A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...
CVE-2024-44641
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php...
EUVD-2024-55087
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php...
EUVD-2025-38303
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
CVE-2025-63717
The change password functionality at /petgrooming/admin/changepass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or same-site cookie restrictions, allowing attackers...
CVE-2025-63717
Summary: CSRF in SourceCodester Pet Grooming Management Software 1.0. The change password functionality at /pet_grooming/admin/change_pass.php is vulnerable due to missing anti-CSRF tokens and same-site cookie protections, potentially allowing attackers to trick authenticated users into changing ...
EUVD-2025-28422
Malicious code in bioql PyPI...
Student Result Management System /srms/change-password.php Component Session Hijacking Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php. No details of the vulnerability are available at this...
e-Diary Management System Session Hijacking Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...
CVE-2025-50484
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack...
PHPGurukul Student Result Management System Security Vulnerability
Student Result Management System is a student result management system. Student Result Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /srms/change-password.php. No details of the vulnerability are available at this...
PHPGurukul Online Library Management System Security Vulnerability
Online Library Management System is an online library management system. A security vulnerability exists in Online Library Management System, which originates from an improperly disabled session in the component /library/change-password.php, and can be exploited by an attacker to cause a session...
CVE-2025-28011
A SQL injection in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter...
Hospital Management System change-password.php Page SQL Injection Vulnerability
Hospital Management System is a hospital management system. Hospital Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the cpass parameter of the change-password.php page. An attacker can exploit this vulnerabili...
Prison Management System Cross-Site Scripting Vulnerability
Prison Management System is a prison management system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Prison Management System version 1.0, which originates from /Employee/changepassword.php containing unknown code that causes cross-site...
CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen...