
2494 matches found

NVD
added 2025/07/13 3:15 a.m. · 5 views

CVE-2025-7513

A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/slideupdate.php. The manipulation of the argument idSlide leads to sql injection. The attack can be launched remotely. The...

CVSS 9.8 · EPSS 0.00394
Exploits: 1 · References: 5
Positive Technologies
added 2025/07/12 12:0 a.m. · 3 views

PT-2025-29312 · Unknown · Modern Bag

Name of the Vulnerable Software and Affected Versions: Modern Bag version 1.0 Description: A critical vulnerability exists in an unknown part of the file /product-detail.php. The manipulation of the ID argument leads to SQL injection. This issue is potentially exploitable remotely, and the exploi...

CVSS 9.8 · AI score 7.6 · EPSS 0.00454
Exploits: 1 · References: 11
Veracode
added 2025/07/09 5:38 a.m. · 4 views

Remote Code Execution (RCE)

bolt/bolt is vulnerable to remote code execution (RCE). The vulnerability is due to unsanitized rendering of user-controlled input PHP code injection in the displayname field in backend templates, followed by abuse of session file manipulation endpoints which allows an attacker to create a web shel...

CVSS 8.8 · AI score 7.3 · EPSS 0.02148
Exploits: 1 · References: 9 · Affected Software: 1
NVD
added 2025/07/08 10:15 p.m. · 4 views

CVE-2025-7197

A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to t...

CVSS 9.8 · EPSS 0.00399
Exploits: 1 · References: 5
Vulnrichment
added 2025/07/08 12:2 p.m. · 3 views

CVE-2025-7177 PHPGurukul Car Washing Management System editcar-washpoint.php sql injection

A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid leads to sql injection. The attack may be launched remotel...

CVSS 5.8 · AI score 7.6 · EPSS 0.00468
Exploits: 1 · References: 5
NVD
added 2025/07/08 11:15 a.m. · 10 views

CVE-2025-7175

A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/usersphoto.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

CVSS 7.2 · EPSS 0.00364
Exploits: 1 · References: 5
Vulnrichment
added 2025/07/08 10:34 a.m. · 3 views

CVE-2025-23365

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and execute arbitrary code...

CVSS 8.5 · AI score 7.3 · EPSS 0.00128
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28500 · Code Projects · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0 Description: A critical issue affects the processing of the file /user/fetch chat.php, where the manipulation of the ID argument leads to SQL injection. The attack can be initiated remotely...

CVSS 8.8 · AI score 6.8 · EPSS 0.00381
Exploits: 1 · References: 8
NVD
added 2025/07/03 8:15 p.m. · 6 views

CVE-2025-34086

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

CVSS 8.8 · EPSS 0.02148
Exploits: 1 · References: 6
RedhatCVE
added 2025/06/29 6:5 p.m. · 10 views

CVE-2025-5310

Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution...

CVSS 9.8 · AI score 8 · EPSS 0.00727
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/29 6:2 p.m. · 4 views

CVE-2025-6866 code-projects Simple Forum forum_downloadfile.php path traversal

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. This vulnerability affects unknown code of the file /forumdownloadfile.php. The manipulation of the argument filename leads to path traversal. The attack can be initiated remotely. The exploit has been...

CVSS 5.3 · AI score 7.3 · EPSS 0.0045
Exploits: 1 · References: 5
CVE
added 2025/06/29 9:0 a.m. · 16 views

CVE-2025-6855

Langchain-Chatchat (LangChain-Chatchat) up to version 0.3.1 contains a path traversal vulnerability in the /v1/file endpoint caused by manipulation of the flag argument. The issue is described as critical/high impact with potential for unauthorized file access/modification and is publicly disclos...

CVSS 8.8 · AI score 7.1 · EPSS 0.00552
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/06/27 12:0 a.m. · 2 views

PT-2025-27094 · Unknown · Serped.Net

Name of the Vulnerable Software and Affected Versions: SERPed.net versions n/a through 4.6 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...

CVSS 8.1 · AI score 7.3 · EPSS 0.00489
Exploits: 0 · References: 3
Vulnrichment
added 2025/06/26 11:8 a.m. · 12 views

CVE-2025-3722

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and...

AI score 5.7 · EPSS 0.00155
Exploits: 0 · References: 1
NVD
added 2025/06/25 10:15 a.m. · 4 views

CVE-2025-6613

A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched...

CVSS 5.4 · EPSS 0.00264
Exploits: 1 · References: 5
RedhatCVE
added 2025/06/24 3:52 a.m. · 4 views

CVE-2025-6456

A vulnerability, which was classified as critical, has been found in code-projects Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reservation/order.php. The manipulation of the argument Start leads to sql injection. The attack may be launche...

CVSS 9.8 · AI score 7.7 · EPSS 0.00394
Exploits: 1 · References: 1
RedhatCVE
added 2025/06/23 8:41 a.m. · 5 views

CVE-2025-6331

A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched...

CVSS 8.8 · AI score 7.8 · EPSS 0.00318
Exploits: 1 · References: 1
RedhatCVE
added 2025/06/23 8:39 a.m. · 4 views

CVE-2025-6339

A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 7.5 · AI score 7.7 · EPSS 0.00454
Exploits: 1 · References: 1
RedhatCVE
added 2025/06/23 8:39 a.m. · 5 views

CVE-2025-6317

A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVSS 9.8 · AI score 7.7 · EPSS 0.00394
Exploits: 1 · References: 1
NVD
added 2025/06/22 5:15 a.m. · 7 views

CVE-2025-6466

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File...

CVSS 9.8 · EPSS 0.00318
Exploits: 1 · References: 7