3163 matches found

CNVD
added 2025/11/20 12:0 a.m. | 2 views

Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...

CVSS 9.8 | AI score 8.2 | EPSS 0.0003
Exploits: 1 | References: 1

CNVD
added 2025/11/20 12:0 a.m. | 2 views

Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.0003
Exploits: 1 | References: 1

CVE
added 2025/11/20 12:0 a.m. | 10 views

CVE-2025-63889

Summary: CVE-2025-63889 affects ThinkPHP 5.0.24, where the fetch function in thinkphp/library/think/Template.php can read arbitrary files via a crafted file path supplied in a template value. Affected component: ThinkPHP 5.0.24, Template.php fetch logic. Impact (as stated): Local/file-read capabi...

CVSS 7.5 | AI score 6.4 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/11/19 12:0 a.m. | 5 views

PT-2025-47524

Name of the Vulnerable Software and Affected Versions GatesAir Flexiva-LX versions 1.0.13 and 2.0 GatesAir Flexiva-LX models LX100, LX300, LX600, and LX1000 Description The GatesAir Flexiva-LX devices are affected by an issue where sensitive session identifiers sid are exposed in a publicly...

AI score 6.6 | EPSS 0.00058
Exploits: 1 | References: 4

Positive Technologies
added 2025/11/19 12:0 a.m. | 4 views

PT-2025-47538

Name of the Vulnerable Software and Affected Versions itsourcecode Human Resource Management System version 1.0 Description A flaw exists in itsourcecode Human Resource Management System 1.0 that allows for SQL injection. The issue stems from improper handling of the eventSubject argument during...

CVSS 7.5 | AI score 7.5 | EPSS 0.00028
Exploits: 1 | References: 7

Positive Technologies
added 2025/11/19 12:0 a.m. | 3 views

PT-2025-47467

Name of the Vulnerable Software and Affected Versions DataDirect Connect for JDBC for Amazon Redshift versions through 6.0.0.001392 DataDirect Connect for JDBC for Apache Cassandra versions through 6.0.0.000805 DataDirect Connect for JDBC for Hive versions through 6.0.1.001499 DataDirect Connect...

CVSS 8.6 | AI score 6.8 | EPSS 0.00111
Exploits: 0 | References: 5

Cvelist
added 2025/11/19 12:0 a.m. | 8 views

CVE-2025-63212

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

EPSS 0.00058
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/18 9:6 p.m. | 4 views

CVE-2025-13301

A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9.8 | AI score 6.9 | EPSS 0.0003
Exploits: 1 | References: 1

NVD
added 2025/11/18 3:16 p.m. | 3 views

CVE-2025-63892

A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function createclassroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site scripting...

CVSS 6.8 | EPSS 0.00061
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/18 12:0 a.m. | 3 views

PT-2025-47303

Name of the Vulnerable Software and Affected Versions SourceCodester Train Station Ticketing System version 1.0 Description A security issue exists in SourceCodester Train Station Ticketing System 1.0. The issue involves a SQL injection point within the application, specifically through...

CVSS 6.5 | AI score 7.2 | EPSS 0.00027
Exploits: 1 | References: 7

CNNVD
added 2025/11/18 12:0 a.m. | 2 views

SourceCodester Train Station Ticketing System SQL Injection Vulnerability

SourceCodester Train Station Ticketing System is an open-source train station ticketing system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Train Station Ticketing System version 1.0, which stems from an incorrect operation of the function saveticket in the file /ajax.php...

CVSS 8.8 | AI score 6.9 | EPSS 0.00027
Exploits: 1 | References: 6

OSV
added 2025/11/17 2:15 a.m. | 1 view

CVE-2025-13257

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5

CVE
added 2025/11/17 12:0 a.m. | 9 views

CVE-2025-63916

Summary: CVE-2025-63916 affects MyScreenTools v2.2.1.0. The issue is a critical OS command injection in the GIF compression tool, where the CMD() function in GIFSicleTool/Form_gif_sicle_tool.cs concatenates unsanitized user input (file paths) and executes them via cmd.exe. This allows arbitrary ...

CVSS 8.1 | AI score 7.8 | EPSS 0.00451
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/11/14 10:15 p.m. | 0 views

CVE-2025-13187

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...

CVSS 7.5 | AI score 5.5 | EPSS 0.00043
Exploits: 1 | References: 5

EUVD
added 2025/11/14 10:2 p.m. | 2 views

EUVD-2025-197673

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit...

CVSS 6.9 | AI score 6.3 | EPSS 0.00043
Exploits: 1 | References: 5

RedhatCVE
added 2025/11/14 2:59 p.m. | 2 views

CVE-2025-64738

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 1

EUVD
added 2025/11/13 3:30 p.m. | 1 view

EUVD-2025-175326

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | References: 2

OSV
added 2025/11/13 3:15 p.m. | 1 view

CVE-2025-64738

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1

OSV
added 2025/11/13 3:15 p.m. | 1 view

CVE-2025-64739

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2025/11/13 2:23 p.m. | 12 views

CVE-2025-64738 Zoom Workplace for macOS - External Control of File Name or Path

External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access...

CVSS 5 | EPSS 0.00013
Exploits: 0 | References: 1