370 matches found
CVE-2023-43456
Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...
CVE-2025-15052
A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Manipulation of the argument firstname/lastname results in cross-site scripting. The attack can be carried out remotely. The exploi...
Student File Management System save_user.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/saveuser.php. An...
EUVD-2025-204459
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2023-53913
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
EUVD-2023-60217
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53913 Rukovoditel 3.3.1 CSV Injection via User Account Export
Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into the firstname field. Attackers can craft payloads like =calc|a!z| to trigger code execution when an admin exports customer data as a CSV file...
CVE-2023-53913
CVE-2023-53913 affects Rukovoditel 3.3.1. A CSV injection vulnerability arises from improper cleaning of the firstname field, allowing authenticated users to inject formulas like “=calc|a!z|” that can trigger code execution when an admin exports customer data as CSV. The root cause is user-suppli...
PT-2025-51951
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.3.1. Description: The software contains a CSV injection issue that allows authenticated users to inject malicious formulas into the firstname field. An attacker can create payloads, such as =calc|a!z|, to execute code when ...
Rukovoditel Security Vulnerability
Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.3.1, which stems from improper cleaning of the firstname fie...
CVE-2025-14622
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...
EUVD-2025-203268
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...
CVE-2025-14622 code-projects Student File Management System save_user.php sql injection
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...
CVE-2025-14622
Code-projects Student File Management System 1.0 has a SQL injection vulnerability in /admin/save_user.php via the firstname parameter. The issue allows remote exploitation, and public exploits have been released. Multiple connected sources confirm the vulnerability but do not provide a confirmed...
Code-Projects Student File Management System SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/saveuser.php. An...
PT-2025-51130
Name of the Vulnerable Software and Affected Versions: code-projects Student File Management System version 1.0. Description: A security flaw exists in code-projects Student File Management System 1.0. The issue affects unknown code within the file /admin/save user.php. Manipulation of the firstname...