
43 matches found

Source: Github Security Blog
Added 2026/05/05 10:02 p.m., 4 views

AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

Summary: objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller, including unauthenticated visitors, which defeats the admin-only guard...

CVSS 5.3 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 4 | Affected software 1
Source: CNVD
Added 2025/10/15 12:00 a.m., 3 views

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the import_coa function's company parameter against externally entered SQL statements. An attacker can exploit this...

CVSS 6.5 | AI score 8.3 | EPSS 0.00041
Exploits 1 | References 1
Source: EUVD
Added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-50616

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00169
Exploits 1 | References 1
Source: RedhatCVE
Added 2025/10/01 12:42 a.m., 8 views

CVE-2025-52043

In Frappe ERPNext v15.57.5, the function import_coa at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...

CVSS 6.5 | AI score 7.2 | EPSS 0.00041
Exploits 1 | References 1
Source: OSV
Added 2025/09/30 2:15 p.m., 3 views

CVE-2025-52043

In Frappe ERPNext v15.57.5, the function import_coa at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...

CVSS 6.5 | AI score 7.3
Exploits 0 | References 2
Source: CVE
Added 2025/09/30 12:00 a.m., 8 views

CVE-2025-52043

CVE-2025-52043 affects Frappe ERPNext v15.57.5, where the import_coa() function in ERPNext's chart_of_accounts_importer.py is vulnerable to SQL injection via the company parameter. This allows an attacker to extract database data. Connected sources corroborate a SQL injection in the import_coa fu...

CVSS 6.5 | AI score 6.8 | EPSS 0.00041
Exploits 1 | References 2 | Affected software 1
Source: Vulnrichment
Added 2025/09/30 12:00 a.m., 2 views

CVE-2025-52043

In Frappe ERPNext v15.57.5, the function import_coa at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...

AI score 6.8 | EPSS 0.00041
Exploits 1 | References 2
Source: CNNVD
Added 2025/09/30 12:00 a.m., 2 views

ERPNext security vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the import_coa function's company parameter against externally entered SQL statements. An attacker can exploit this...

CVSS 6.5 | AI score 7.9 | EPSS 0.00041
Exploits 1 | References 2
Source: Cvelist
Added 2025/09/30 12:00 a.m., 8 views

CVE-2025-52043

In Frappe ERPNext v15.57.5, the function import_coa at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter...

EPSS 0.00041
Exploits 1 | References 2
Source: OSV
Added 2025/09/29 9:15 a.m., 2 views

CVE-2025-10341

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

CVSS 6.1 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 1
Source: Cvelist
Added 2025/09/29 8:36 a.m., 6 views

CVE-2025-10341 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

CVSS 5.3 | EPSS 0.00026
Exploits 0 | References 1
Source: CNNVD
Added 2025/09/29 12:00 a.m., 2 views

Perfex CRM cross-site scripting vulnerability

Perfex CRM is an open source customer relationship management software from Perfex CRM. It is used to manage customers and projects and to create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00026
Exploits 0 | References 1
Source: Positive Technologies
Added 2025/09/29 12:00 a.m., 3 views

PT-2025-39814

Name of the vulnerable software and affected versions: Perfex CRM version 3.2.1. Description: An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the...

CVSS 6.1 | AI score 6.9 | EPSS 0.00026
Exploits 0 | References 5
Source: CNVD
Added 2025/08/10 12:00 a.m., 2 views

Vehicle Management updatebal.php File SQL Injection Vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /updatebal.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 | AI score 8.2 | EPSS 0.00204
Exploits 1 | References 1
Source: CNVD
Added 2025/08/01 12:00 a.m., 2 views

Vehicle Management /filter3.php File SQL Injection Vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /filter3.php. An attacker can exploit this vulnerability to execute illega...

CVSS 9.8 | AI score 8.2 | EPSS 0.00204
Exploits 1 | References 1
Source: OSV
Added 2025/07/31 9:15 a.m., 2 views

CVE-2025-8374

A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | AI score 5.8 | EPSS 0.00204
Exploits 1 | References 5
Source: CNNVD
Added 2025/07/31 12:00 a.m., 2 views

Code-Projects Vehicle Management injection vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /addcompany.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 | AI score 8.1 | EPSS 0.00204
Exploits 1 | References 5
Source: CNNVD
Added 2025/07/31 12:00 a.m., 2 views

code-projects Vehicle Management injection vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /updatebal.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 | AI score 7.9 | EPSS 0.00204
Exploits 1 | References 5
Source: OSV
Added 2025/07/30 7:15 p.m., 0 views

CVE-2025-8329

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 5
Source: CNNVD
Added 2025/07/30 12:00 a.m., 3 views

Code-Projects Vehicle Management injection vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /filter3.php. An attacker can exploit this vulnerability to execute illega...

CVSS 9.8 | AI score 7.9 | EPSS 0.00204
Exploits 1 | References 5