25 matches found
CVE-2026-1655
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...
PT-2026-20281
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save frontend event submission function accepting a user-controlled event id parameter and updating the...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
PT-2025-41138
Name of the Vulnerable Software and Affected Versions PuneethReddyHC Event Management System version 1.0 Description A Cross-Site Scripting XSS issue exists in the register.php page. The event id GET parameter is improperly handled, allowing an attacker to inject code into this parameter and...
CVE-2025-56243
PuneethReddyHC Event Management System 1.0 contains a Cross-Site Scripting (XSS) vulnerability in the register.php page. The event_id GET parameter is improperly handled, allowing an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser. The issue is specifica...
EUVD-2025-32722
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
CVE-2025-56243
A Cross-Site Scripting XSS vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the eventid GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into th...
ChurchCRM EventEditor.php Page SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a time-based SQL blind injection vulnerability in the EID POST parameter of the EventEditor.php page. No detailed vulnerability details are provided at this time...
CVE-2024-4675
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/showevents.php. The manipulation of the argument eventid leads to cross site scripting. The attack can be initiated...
PT-2024-32167 · Campcodes · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problematic issue has been identified, affecting the /view/show events.php file. The manipulation of the event id argument leads to cross-site scripting. This...
CVE-2024-33403
A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the eventid parameter...
CVE-2024-28322
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the eventid parameter in a crafted POST request...
CVE-2023-30016
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via subeventid parameter in subeventdetailsedit.php...
CVE-2023-30014
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via subeventid parameter in subeventstatupdate.php...
CVE-2023-30203
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the eventid parameter at /php-jms/resultsheet.php...
Sql injection
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the eventid parameter at /php-jms/resultsheet.php...