9 matches found
CVE-2026-37149
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/searchproducts.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
school-management-system 安全漏洞
School-Management-System is a school management system developed by Shubham Kumar, an individual developer. Version 1.0 of School-Management-System has a security vulnerability. This vulnerability stems from improper handling of the sitemname POST parameter in the file...
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
PT-2025-52847
Name of the Vulnerable Software and Affected Versions PuneethReddyHC event-management version 1.0 Description Improper input handling in the /Grocery/search products itname.php file allows for SQL injection via the sitem name POST parameter. Crafted payloads can alter query logic and disclose...
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-65354
CVE-2025-65354 affects PuneethReddyHC event-management version 1.0. The Red Hat and NVD entries, along with other feeds, describe improper input handling in /Grocery/search_products_itname.php that allows SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and ...