EUVD-2026-18215

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

CVE-2026-5330 SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

A vulnerability was found in SourceCodester/mayurik Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deleteuser of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access...

CVE-2026-2669

Rongzhitong Visual Integrated Command and Dispatch Platform is identified as vulnerable in CVE-2026-2669. The affected component is the User Handler, specifically the file path /dm/dispatch/user/delete. The root cause is improper access controls caused by manipulating the argument ID, enabling re...

CVE-2025-63712

Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

PT-2025-46163

Name of the Vulnerable Software and Affected Versions SourceCodester Product Expiry Management System affected versions not specified Description The software contains a Cross-Site Request Forgery CSRF issue within the User Management module. Specifically, the delete-user.php endpoint is...

CVE-2025-10786

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...

CVE-2025-10786

Campaign: CVE-2025-10786 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability resides in the file /ajax.php?action=delete_user, where manipulation of the ID parameter enables SQL injection. Attack is remote and requires no authentication. An exploit has been published and ...

CVE-2025-10786 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...

CVE-2025-10786 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...

CVE-2025-10595

A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/deleteuser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2023-27052

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...

CVE-2025-4484

A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=deleteuser. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

PT-2024-17225 · Sourcecodester · Best House Rental Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best House Rental Management System version 1.0 Description: A problematic issue was found in the system, affecting an unknown function of the file "/rental/ajax.php?action=delete user" of the component POST Request Handler. Th...

PT-2023-32675 · Sourcecodester · Sourcecodester User Registration/Login System

Name of the Vulnerable Software and Affected Versions: SourceCodester User Registration and Login System version 1.0 Description: A problematic issue was found in the system, affecting an unknown function of the file /endpoint/delete-user.php. The manipulation of the user argument leads to...

SourceCodester User Registration and Login System Cross-Site Scripting Vulnerability

User Registration and Login System is a user registration and login system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in the SourceCodester User Registration and Login System, which is caused by cross-site scripting in the user parameter of...

Moosikay E-Commerce System SQL注入漏洞

Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. A security vulnerability exists in Moosikay E-Commerce System v1.0, which was discovered to contain an SQL injection vulnerability via the id parameter in /admin/deleteuser.php...

CVE-2021-35491

A Cross-Site Request Forgery CSRF vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolv...

Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞

Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A cross-site request forgery vulnerability exists in Wowza Streaming Engine...

Drobo 5N2 cross-site scripting vulnerability (CNVD-2019-05932)

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A cross-site scripting vulnerability exists in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. A remote...

CVE-2018-14698

Cross-site scripting in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter...