CVE-2026-39942 Directus has a Path Traversal and Broken Access Control in File Management API

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...

UBUNTU-CVE-2023-54335

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerable file management system...

PT-2026-2425

Name of the Vulnerable Software and Affected Versions eXtplorer version 2.1.14 Description eXtplorer version 2.1.14 contains an authentication bypass that allows attackers to log in without a password by manipulating the login request. Successful exploitation enables attackers to upload malicious...

CVE-2025-15404 campcodes School File Management System save_file.php unrestricted upload

A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...

CampCodes School File Management System 代码问题漏洞

CampCodes School File Management System is a school file management system from CampCodes Philippines. A code issue vulnerability exists in CampCodes School File Management System version 1.0, which stems from an incorrect manipulation of the parameter File in the file /savefile.php resulting in ...

Student File Management System update_user.php File Cross-Site Scripting Vulnerability

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

CVE-2025-14645

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/deleteuser.php. The manipulation of the argument userid leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly...

CVE-2025-14619

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

EUVD-2025-203299

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made...

EUVD-2025-203302

A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/updatestudent.php. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2025-14663

A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/updatestudent.php. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed a...

CVE-2025-14663

The CVE-2025-14663 entry relates to code-projects' Student File Management System 1.0 and an XSS vulnerability in the /admin/update_student.php endpoint. The connected CNVD/NVD entries corroborate a cross-site scripting flaw arising from insufficient input filtering/escaping of user-supplied data...

CVE-2025-14640

Affects Code-Projects Student File Management System 1.0. The vulnerability is an SQL injection in the /admin/save_student.php handler, triggered by manipulating the stud_no (or student_no) parameter due to lack of input validation. This can be exploited remotely (attack vector NETWORK) and may a...

Code-Projects Student File Management System 代码注入漏洞

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...

CVE-2025-14620 code-projects Student File Management System login_query.php sql injection

A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/loginquery.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...

PT-2025-51130

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A security flaw exists in code-projects Student File Management System 1.0. The issue affects unknown code within the file /admin/save user.php. Manipulation of the firstname...

CVE-2025-14209

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2025-14209

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...