737 matches found
CVE-2025-5840 SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userupdatecustomerorder.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to initiate the...
CVE-2025-5840
SourceCodester Client Database Management System 1.0 contains a vulnerability in the file /user_update_customer_order.php where the uploaded_file parameter can be manipulated to achieve unrestricted file upload. This remote-access flaw could allow an attacker to upload arbitrary files, potentiall...
CVE-2025-5840 SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userupdatecustomerorder.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to initiate the...
PT-2025-24347 · Unknown · Sourcecodester Client Database Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Client Database Management System. This issue affects an unknown part of the file /user update customer...
CVE-2025-5299
A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /userordercustomerupdate.php. The manipulation of the argument uploadedfilecancelled leads to unrestricted upload. The attack ca...
CVE-2025-5207
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadminupdateprofile.php. The manipulation of the argument nickname/email leads to sql injection. The...
CVE-2025-5299
A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /userordercustomerupdate.php. The manipulation of the argument uploadedfilecancelled leads to unrestricted upload. The attack ca...
CVE-2025-5299
CVE-2025-5299 affects SourceCodester Client Database Management System v1.0. The vulnerability is in the file /user_order_customer_update.php, where manipulating the argument uploaded_file_cancelled enables unrestricted file upload. Exploitation is possible remotely and exploits have been disclos...
CVE-2025-5299 SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload
A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /userordercustomerupdate.php. The manipulation of the argument uploadedfilecancelled leads to unrestricted upload. The attack ca...
CVE-2025-5207
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadminupdateprofile.php. The manipulation of the argument nickname/email leads to sql injection. The...
CVE-2025-5207 SourceCodester Client Database Management System superadmin_update_profile.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadminupdateprofile.php. The manipulation of the argument nickname/email leads to sql injection. The...
CVE-2025-5207 SourceCodester Client Database Management System superadmin_update_profile.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadminupdateprofile.php. The manipulation of the argument nickname/email leads to sql injection. The...
CVE-2025-5207
CVE-2025-5207 affects SourceCodester Client Database Management System 1.0. The vulnerability is an SQL injection in the file /superadmin_update_profile.php triggered by manipulating the nickname/email parameters, potentially exploitable remotely. Multiple connected sources corroborate the issue’...
PT-2025-22937 · Unknown · Sourcecodester Client Database Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Client Database Management System. The issue affects an unknown functionality of the file /superadmin upda...
CVE-2024-7458
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversa...
CVE-2024-27296
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known...
CVE-2024-46990
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...
CVE-2023-4552
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...
CVE-2023-25910
A vulnerability has been identified in SIMATIC PCS 7 All versions V9.1 SP2 UC04, SIMATIC S7-PM All versions V5.7 SP1 HF1, SIMATIC S7-PM All versions V5.7 SP2 HF1, SIMATIC STEP 7 V5 All versions V5.7. The affected product contains a database management system that could allow remote users with low...
CVE-2021-29625
Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...