20 matches found
CVE-2026-10209 code-projects Online Hospital Management System Appointment appointmentdetail.php sql injection
A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out...
PT-2026-5854
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
CVE-2025-13582 code-projects Jonnys Liquor GET Parameter detail.php sql injection
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...
EUVD-2025-198604
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...
CVE-2025-9925 projectworlds Travel Management System detail.php sql injection
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
Projectworlds Travel Management System SQL Injection Vulnerability
Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /detail.php. An attacker can exploit this vulnerability to...
CVE-2024-12948
A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-10989
A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...
CVE-2024-10619
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /pda/reportshop/nextdetail.php. The manipulation of the argument repid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-10618
A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.10. This issue affects some unknown processing of the file /pda/reportshop/recorddetail.php. The manipulation of the argument repid leads to sql injection. The attack may be initiated remotely. The exploi...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office automation (OA) system from China's Tongda. It contains a SQL injection vulnerability in the repid parameter of the /pda/reportshop/nextdetail.php page...
PT-2024-39323 · Woocommerce · Product Enquiry For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Product Enquiry for WooCommerce versions up to, and including, 2.2.33.32 Description: The vulnerability concerns PHP Object Injection via deserialization of untrusted input in enquiry detail.php. This allows authenticated attackers with...
Ruijie Networks RG-UAC Operating System Command Injection Vulnerability
Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...
PT-2024-33006 · Ruijie · Ruijie Rg-Uac
Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC versions prior to 20240507 Description: A critical vulnerability exists in Ruijie RG-UAC. The issue affects an unknown functionality within the file /view/bugSolve/viewData/detail.php. Manipulation of the filename argument leads...
CVE-2024-30983
SQL Injection in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows arbitrary SQL via the compname parameter in /edit-computer-detail.php. Multiple sources (NVD, Red Hat, CVE lists, CNNVD, PT Security) confirm the vulnerable component and parameter. Impact details in sources ind...
Cogites eReserv Cross-Site Scripting Vulnerability
Cogites eReserv is an online reservation management software from Cogites. A cross-site scripting vulnerability exists in Cogites eReserv version 7.7.58, originating in the /front/admin/tenancyDetail.php file...
The vulnerability of the Shops module in the NukeViet content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the Shops module in the NukeViet content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code through the listid parameter in the detail.php script, ...
WordPress Canto Plugin Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
CVE-2010-4986
SQL injection vulnerability in detail.php in Simple Document Management System SDMS allows remote attackers to execute arbitrary SQL commands via the docid parameter...