CVE-2019-25727

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

CVE-2019-25727 WordPress Plugin ad manager wd 1.0.11 Arbitrary File Download

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=exportcsv and a malicious path paramet...

PT-2026-46197

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers can send GET requests to the edit.php endpoint with export=export csv and a malicious path...

ProjectSend 跨站脚本漏洞

ProjectSend cFTP is an open-source set of self-hosted applications based on PHP and MySQL by ProjectSend. Version r1295 of ProjectSend contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the files-edit.php file, which could...

CVE-2026-7114

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

EUVD-2026-25820

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

CVE-2026-7095 code-projects Employee Management System edit.php cross site scripting

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVE-2026-7095

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

EUVD-2018-21671

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVE-2026-3616

The CVE affects DefaultFuction Jeson Customer Relationship Management System 1.0.0. The vulnerability is in /modules/customers/edit.php, where manipulating the ID parameter results in a SQL injection. The exploit is publicly available and may be invoked remotely, with exploit maturity listed as p...

CVE-2026-3616 DefaultFuction Jeson Customer Relationship Management System edit.php sql injection

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

CVE-2026-0579

A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prodid/name/price/model/serial results in sql injection. The atta...

CVE-2025-15458 bg5sbk MiniCMS Article post-edit.php improper authentication

A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been...

PT-2026-1212

Name of the Vulnerable Software and Affected Versions bg5sbk MiniCMS versions up to 1.8 Description A flaw exists in bg5sbk MiniCMS that can lead to improper authentication. The issue affects an unknown function within the Article Handler component, specifically in the file /mc-admin/post-edit.ph...