75 matches found

CNNVD
added 5 days ago, 5 views

Student_Management_System_by_PHP SQL Injection Vulnerability

Student_Management_System_by_PHP is a student information management tool developed by Raisul Islam, based on PHP. Student_Management_System_by_PHP has a SQL injection vulnerability. This vulnerability arises from incorrect operations with parameters such as userid, courseid, teacherid, and studentid in...

7.5 CVSS, 7.2 AI score, 0.00033 EPSS
Exploits 0, References 6

NVD
added 2026/05/21 10:16 p.m., 7 views

CVE-2026-8411

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

8.8 CVSS, 0.00019 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/05/21 9:32 p.m., 5 views

CVE-2026-8411 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

2.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/21 12:00 a.m., 5 views

PT-2026-42567

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Concrete CMS is subject to Cross Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into performing actions they did not intend to do. This issue occurs at the...

2.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/03/26 12:00 a.m., 4 views

PT-2026-28190

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my account/delete.php. Performing a manipulation of the argument cos id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public...

6.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 6

Vulnrichment
added 2026/02/06 11:14 p.m., 2 views

CVE-2020-37147 ATutor 2.2.4 - 'id' SQL Injection

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...

7.1 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits 0, References 3

Cvelist
added 2026/02/06 11:14 p.m., 25 views

CVE-2020-37147 ATutor 2.2.4 - 'id' SQL Injection

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...

7.1 CVSS, 0.00012 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/02/06 12:00 a.m., 2 views

PT-2026-6821

Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4. Description: ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into...

7.1 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 5

OSV
added 2026/01/26 2:49 p.m., 3 views

BIT-MOODLE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages...

3.1 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits 0, References 4

NVD
added 2026/01/05 4:15 a.m., 2 views

CVE-2025-15455

A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9 CVSS, 0.00048 EPSS
Exploits 1, References 4

CVE
added 2026/01/05 3:32 a.m., 9 views

CVE-2025-15455

CVE-2025-15455 affects bg5sbk MiniCMS up to version 1.8. The vulnerability exists in the delete_page function of /minicms/mc-admin/page.php (File Recovery Request Handler) where improper authentication can be manipulated to enable remote exploitation. Public exploit material has been published. M...

6.9 CVSS, 6.3 AI score, 0.00048 EPSS
Exploits 1, References 4, Affected Software 1

CNNVD
added 2026/01/05 12:00 a.m., 3 views

MiniCMS Authorization Issue Vulnerability

MiniCMS is a mini content management system designed for personal websites by the individual developer of Dada bg5sbk. MiniCMS 1.8 and earlier versions have an authorization issue vulnerability. The vulnerability stems from incorrect operation of the function delete_page in the file...

6.9 CVSS, 6.5 AI score, 0.00048 EPSS
Exploits 1, References 5

Positive Technologies
added 2026/01/05 12:00 a.m., 2 views

PT-2026-1209

Name of the Vulnerable Software and Affected Versions: bg5sbk MiniCMS versions up to 1.8. Description: A flaw exists in bg5sbk MiniCMS up to version 1.8 related to improper authentication. The issue is located in the delete page function within the /minicms/mc-admin/page.php file of the File Recover...

6.9 CVSS, 6.1 AI score, 0.00048 EPSS
Exploits 1, References 11

CVE
added 2026/01/04 12:02 p.m., 6 views

CVE-2026-0578

CVE-2026-0578 affects the code-projects Online Product Reservation System 1.0. The vulnerability lies in the file /handgunner-administrator/delete.php, where manipulating the ID parameter leads to a SQL injection. The issue is exploitable remotely and, according to multiple sources, the exploit...

9.8 CVSS, 7.3 AI score, 0.00026 EPSS
Exploits 1, References 6, Affected Software 1

NVD
added 2025/12/01 3:15 p.m., 3 views

CVE-2025-63525

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php...

9.6 CVSS, 0.00044 EPSS
Exploits 1, References 3

RedhatCVE
added 2025/10/07 6:09 a.m., 1 views

CVE-2025-11319

A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes sql injection. It is possible to initiate the atta...

6.5 CVSS, 6.8 AI score, 0.00027 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/09/22 12:00 a.m., 2 views

PT-2025-38706

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0. Description: A flaw exists in code-projects E-Commerce Website 1.0 where manipulation of the user id argument in the file '/pages/admin account delete.php' can lead to SQL injection. This issue is...

9.8 CVSS, 7.5 AI score, 0.00049 EPSS
Exploits 1, References 10

CNNVD
added 2025/06/20 12:00 a.m., 3 views

Real Estate Management System Security Vulnerability

Real Estate Management System is an open source real estate management system from Itsourcecode. A security vulnerability exists in Real Estate Management System version 1.0, which results from an authorization bypass due to incorrect manipulation of the parameter ID in the file userdelete.php...

8.1 CVSS, 5.5 AI score, 0.00417 EPSS
Exploits 1, References 5

RedhatCVE
added 2025/05/22 5:36 a.m., 2 views

CVE-2018-14519

An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page...

4.3 CVSS, 7 AI score, 0.00164 EPSS
Exploits 1, References 1

CNNVD
added 2025/05/16 12:00 a.m., 0 views

CampCodes Sales and Inventory System Injection Vulnerability

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. The CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter prid in the file...

9.8 CVSS, 8.2 AI score, 0.00277 EPSS
Exploits 1, References 6