103 matches found
CVE-2025-22599
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...
CVE-2025-22599
The CVE-2025-22599 issue affects the WeGIA web manager (WeGIA) and relates to a Reflected Cross-Site Scripting (XSS) vulnerability in the home.php endpoint via the msg_c parameter. The root cause is a reflected XSS flaw that allows injection of malicious scripts. Affected versions are prior to 3....
CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...
CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...
CVE-2024-52676
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting XSS via /bccforum/members/home.php...
CVE-2024-10337
A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack...
SourceCodeHero Clothes Recommendation System SQL注入漏洞
SourceCodeHero Clothes Recommendation System is a SourceCodeHero open source clothing recommendation system. A SQL injection vulnerability exists in SourceCodeHero Clothes Recommendation System version 1.0, which stems from the parameter view/view1 in the file /admin/home.php that can lead to SQL...
PT-2024-31989 · Ypay · Ypay
Name of the Vulnerable Software and Affected Versions: YPay version 1.2.0 Description: An arbitrary file upload vulnerability allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php, which is called from app/admin/controller/ypay/Home.php. The fi...
CVE-2024-7222 SourceCodester Lot Reservation Management System home.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has...
PT-2024-38182 · Sourcecodester · Lot Reservation Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lot Reservation Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /home.php. The manipulation of the type argument leads to SQL injection. It is...
CVE-2024-4966 SourceCodester SchoolWebTech home.php unrestricted upload
A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2516 MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php sql injection
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit h...
CVE-2024-2515 MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php cross site scripting
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be...
CVE-2024-2272 keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection
A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...
CVE-2024-2272 keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection
A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. The attack can be initiated...
Online-Book-Store-Website SQL Injection Vulnerability
Online-Book-Store-Website is an online bookstore website. A SQL injection vulnerability exists in Online-Book-Store-Website version 1.0, which originates from a SQL injection vulnerability in the productname parameter of the /home.php file...
CVE-2024-24496
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components...
CVE-2023-6411 SQL injection in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...
CVE-2023-6411 SQL injection in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...
Voovi SQL Injection Vulnerability
Voovi is an open source social networking script from Sourceforge. Voovi 1.0 version has a SQL injection vulnerability , the vulnerability stems from home.php has a SQL injection vulnerability...