CVE-2025-0872
CVE-2025-0872 affects itsourcecode Tailoring Management System 1.0. A SQL injection vulnerability exists in /addpayment.php via manipulated id/amount/desc/inccat parameters, exploitable remotely with exploits publicly disclosed. Root cause is unsafe handling of input in the PHP file. Impact is st...
CVE-2025-0734
CVE-2025-0734 affects y_project RuoYi
CVE-2025-0699
The CVE-2025-0699 entry concerns JoeyBling bootplus (up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d). The vulnerability is located in the /admin/sys/role/list endpoint where the sort parameter can be manipulated to perform SQL injection. It is described as remotely exploitable and critical, with ...
CVE-2025-0460
The CVE-2025-0460 entry concerns Blog Botz for Journal Theme 1.0 on OpenCart. Affected: Blog Botz for Journal Theme, version 1.0, via the endpoint /index.php?route=extension/module/blog_add. Root cause: manipulation of the image parameter enables unrestricted file upload. Impact: remote attacker ...
CVE-2024-13213
A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2024-13108
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...
CVE-2024-13016
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to SQL injection. It is possible to initiate the attack remotely. The...
CVE-2024-12999
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2024-12962
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /parse/alledits.php. The manipulation of the argument skillset leads to SQL injection. The attack can be launched remotely. The...
CVE-2024-12947 Codezips Hospital Management System invo.php SQL injection
A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2024-12841
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclose...
CVE-2024-12492
The CVE-2024-12492 entry concerns Code-projects Farmacia 1.0. The vulnerability is a SQL injection in the visualizar-usuario.php endpoint via the id parameter. Root cause: unsafe handling of user-supplied id leads to database query manipulation. Impact is described as critical/high across confide...
CVE-2024-12481 cjbi wetech-cms UserDao.java findUser SQL injection
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\UserDao.java. The manipulation of the argument searchValue/gId/rId leads ...
CVE-2024-12183
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. Th...
CVE-2024-12002 Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can...
CVE-2024-12000 code-projects Blood Bank System Setting updatesettings.php cross-site scripting
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross-site scripting. Th...
CVE-2024-11960
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has...
CVE-2024-11675
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/hisadminregisterpatient.php of the component Add Patient Details Page. The manipulation of the argument...
CVE-2024-11590
A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forgetpasswordprocess.php. The manipulation of the argument unm leads to SQL injection. The attack may be launched...
CVE-2024-11587 idcCMS classProvCity.php GetCityOptionJs cross-site scripting
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has bee...