Lucene search
K

43 matches found

NVD
NVD
added 2026/07/05 3:16 p.m.9 views

CVE-2026-14756

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 2:30 p.m.34 views

CVE-2026-14756 code-projects Hotel and Tourism Reservation Tour Management add_tour.php sql injection

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/addtour.php of the component Tour Management Page. The manipulation of the argument deleteimage results in sql injection. The attack may be launche...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:0 p.m.8 views

EUVD-2026-41760

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:0 p.m.18 views

CVE-2026-14754

The CVE covers code-projects Hotel and Tourism Reservation 1.0, where the /admin/add_room.php function is vulnerable. Manipulating the arguments delete_image, edit/description, number, price, rooms, or type can trigger an SQL injection. The attack can be launched remotely, and a public exploit ha...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.12 views

PT-2026-55804

Name of the Vulnerable Software and Affected Versions code-projects Hotel and Tourism Reservation version 1.0 Description An issue exists in the Tour Management Page component within the '/admin/add tour.php' endpoint. Remote attackers can perform a SQL injection by manipulating the delete image...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.3 views

CVE-2026-35183

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

7.1CVSS5.9AI score0.00201EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.11 views

PT-2026-30715

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

7.1CVSS5.9AI score0.00201EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.10 views

WordPress plugin “Photo Gallery” by 10Web – Mobile-Friendly Image Gallery security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2025/10/28 1:16 a.m.6 views

CVE-2025-12341

A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contact...

8.5CVSS0.00214EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52303

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.009EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52293

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00832EPSS
Exploits1References1
OSV
OSV
added 2025/08/29 11:18 a.m.4 views

OESA-2025-2093 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

7.5CVSS6.9AI score0.00868EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/12 8:17 p.m.11 views

CVE-2025-55171 WeGIA Anonymous Attacker can Delete Arbitrary Image file at endpoint `/html/personalizacao_remover.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacaoremover.php allowing anonymous attacker without login to delete any Image files at endpoin...

7.5CVSS0.00628EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.10 views

CVE-2023-1956

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deleteimg of the component Image Handler. The manipulation of the argument path leads to path...

8.8CVSS7.6AI score0.01075EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

4.3CVSS6.6AI score0.00403EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.4 views

PT-2024-21049 · Unknown · Pandaxgo Pandax

Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310 Description: A critical issue has been identified, affecting the DeleteImage function in the /apps/system/router/upload.go file. The vulnerability can be exploited by manipulating the fileName argument with a...

9.8CVSS5.7AI score0.0085EPSS
Exploits0References6
CNVD
CNVD
added 2023/04/11 12:0 a.m.12 views

Online Computer and Laptop Store Path Traversal Vulnerability

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. A path traversal vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the fact that the parameter path in the file /classes/Master.php?f=deleteim...

8.5AI score0.01075EPSS
Exploits1Affected Software1
OSV
OSV
added 2023/04/08 10:15 a.m.4 views

CVE-2023-1956

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=deleteimg of the component Image Handler. The manipulation of the argument path leads to path...

8.8CVSS5.4AI score0.01075EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/08 12:0 a.m.4 views

PT-2023-17369 · Unknown · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability was found in the Image Handler component of the affected software, specifically in the /classes/Master.php file, where the path argument is...

8.8CVSS5.7AI score0.01075EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/04/08 12:0 a.m.9 views

Online Computer and Laptop Store 路径遍历漏洞

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. A path traversal vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the fact that the parameter path in the file /classes/Master.php?f=deleteim...

8.8CVSS6.9AI score0.01075EPSS
Exploits1References4
Rows per page
Query Builder