Lucene search
K

23 matches found

CVE
CVE
added 2026/01/12 12:0 a.m.15 views

CVE-2025-67147

CVE-2025-67147 affects Gym-Management-System-PHP 1.0. Multiple SQL injection flaws exist in submit_contact.php (name, email, comment), secure_login.php (username, pass_key), and change_s_pwd.php (login_id, pwfield, login_key). Attackers can bypass authentication, run arbitrary SQL commands, modif...

9.8CVSS8.3AI score0.00345EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/20 12:0 a.m.6 views

Small CRM change-password.php File SQL Injection Vulnerability

Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...

6.5CVSS8.3AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/15 12:47 a.m.12 views

CVE-2024-44633

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php...

6.5CVSS8AI score0.00215EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23537)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...

6.9CVSS6.5AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25593

Malicious code in bioql PyPI...

7.8CVSS6.5AI score0.00172EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/16 3:31 a.m.10 views

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

8.8CVSS7.7AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2025/08/14 3:15 a.m.4 views

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

8.8CVSS5.7AI score0.00352EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/07/14 2:2 p.m.6 views

CVE-2025-7610 code-projects Electricity Billing System change_password.php sql injection

A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/changepassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely...

7.5CVSS7.4AI score0.00399EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/14 12:0 a.m.6 views

Code-Projects Electricity Billing System 注入漏洞

Code-Projects Electricity Billing System is a Code-Projects open source electricity billing system. An injection vulnerability exists in Code-Projects Electricity Billing System version 1.0, which originates from a SQL injection due to the incorrect operation of the parameter newpassword in the...

9.8CVSS7.8AI score0.00399EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.4 views

Code-Projects Inventory Management System 安全漏洞

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the /phpaction/changePassword.php file against an externally entered SQL statement. An...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.6 views

PT-2025-18109

Name of the Vulnerable Software and Affected Versions PHPGurukul Hostel Management System version 2.1 Description A vulnerability was found in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack,...

9.1CVSS5.8AI score0.0036EPSS
Exploits1References10
CVE
CVE
added 2025/04/28 12:0 a.m.60 views

CVE-2025-45953

CVE-2025-45953 affects PHPGurukul Hostel Management System 2.1, in /hostel/change-password.php. Improper handling of session data enables a remote session-hijacking attack. Output confirms vulnerability details; no patch/version fix information is provided in the connected documents. Monitor for ...

9.1CVSS6.5AI score0.0036EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/04/28 12:0 a.m.69 views

CVE-2025-45947

The CVE-2025-45947 issue affects phpgurukul Online Banquet Booking System v1.2, where the /obbs/change-password.php file in the My Account - Change Password component can lead to arbitrary code execution due to improper handling. Documented impact is high, with potential full system compromise. M...

9.8CVSS7.5AI score0.00613EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/04/28 12:0 a.m.32 views

CVE-2025-45947

An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component...

0.00613EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/04 12:0 a.m.6 views

Warehouse Inventory System 跨站请求伪造漏洞

Warehouse Inventory System is a warehouse inventory management system for the OSWAPP community. A cross-site request forgery vulnerability exists in Warehouse Inventory System versions 1.0 and 2.0, which stems from the /changepassword.php file containing a cross-site request forgery vulnerability...

8.8CVSS6.8AI score0.00351EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-3035 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: A vulnerability in the change password functionality could allow an authenticated, remote attacker with Read-only...

10CVSS6.4AI score0.00914EPSS
Exploits0References9
Veracode
Veracode
added 2022/12/27 6:52 a.m.18 views

Improper Access Control

github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists in multiple functions due to insecure direct object references which allows an attacker to perform actions on a user's behalf via Change Password feature...

8.8CVSS8.2AI score0.00607EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.4 views

Reprise Software Reprise License Manager 访问控制错误漏洞

Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License Manager A licensing...

9.8CVSS5.6AI score0.58555EPSS
Exploits3References5
Prion
Prion
added 2019/11/13 5:15 p.m.16 views

Cross site request forgery (csrf)

letodms 3.3.6 has CSRF via change password...

4.3CVSS7.3AI score0.01562EPSS
Exploits1References3Affected Software2
0day.today
0day.today
added 2018/05/22 12:0 a.m.33 views

Teradek Cube 7.3.6 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications i...

7.1AI score
Exploits0
Rows per page
Query Builder