23 matches found
CVE-2025-67147
CVE-2025-67147 affects Gym-Management-System-PHP 1.0. Multiple SQL injection flaws exist in submit_contact.php (name, email, comment), secure_login.php (username, pass_key), and change_s_pwd.php (login_id, pwfield, login_key). Attackers can bypass authentication, run arbitrary SQL commands, modif...
Small CRM change-password.php File SQL Injection Vulnerability
Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...
CVE-2024-44633
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23537)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...
EUVD-2025-25593
Malicious code in bioql PyPI...
CVE-2025-8931
A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2025-8931
A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2025-7610 code-projects Electricity Billing System change_password.php sql injection
A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/changepassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely...
Code-Projects Electricity Billing System 注入漏洞
Code-Projects Electricity Billing System is a Code-Projects open source electricity billing system. An injection vulnerability exists in Code-Projects Electricity Billing System version 1.0, which originates from a SQL injection due to the incorrect operation of the parameter newpassword in the...
Code-Projects Inventory Management System 安全漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the /phpaction/changePassword.php file against an externally entered SQL statement. An...
PT-2025-18109
Name of the Vulnerable Software and Affected Versions PHPGurukul Hostel Management System version 2.1 Description A vulnerability was found in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack,...
CVE-2025-45953
CVE-2025-45953 affects PHPGurukul Hostel Management System 2.1, in /hostel/change-password.php. Improper handling of session data enables a remote session-hijacking attack. Output confirms vulnerability details; no patch/version fix information is provided in the connected documents. Monitor for ...
CVE-2025-45947
The CVE-2025-45947 issue affects phpgurukul Online Banquet Booking System v1.2, where the /obbs/change-password.php file in the My Account - Change Password component can lead to arbitrary code execution due to improper handling. Documented impact is high, with potential full system compromise. M...
CVE-2025-45947
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component...
Warehouse Inventory System 跨站请求伪造漏洞
Warehouse Inventory System is a warehouse inventory management system for the OSWAPP community. A cross-site request forgery vulnerability exists in Warehouse Inventory System versions 1.0 and 2.0, which stems from the /changepassword.php file containing a cross-site request forgery vulnerability...
PT-2023-3035 · Cisco · Cisco Telepresence Video Communication Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: A vulnerability in the change password functionality could allow an authenticated, remote attacker with Read-only...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. The vulnerability exists in multiple functions due to insecure direct object references which allows an attacker to perform actions on a user's behalf via Change Password feature...
Reprise Software Reprise License Manager 访问控制错误漏洞
Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License Manager A licensing...
Cross site request forgery (csrf)
letodms 3.3.6 has CSRF via change password...
Teradek Cube 7.3.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications i...