
846 matches found

ATTACKERKB
added 2026/01/19 9:2 p.m. | 3 views

CVE-2026-1176

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

CVSS 9.8 | AI score 5.4 | EPSS 0.00333
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/01/19 3:32 p.m. | 6 views

EUVD-2026-3211

A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 | AI score 5.5 | EPSS 0.00326
Exploits: 1 | References: 7

CNNVD
added 2026/01/19 12:0 a.m. | 5 views

PHPGurukul Directory Management System SQL Injection Vulnerability

The PHPGurukul Directory Management System is a directory management system developed by PHPGurukul Corporation. Version 1.0 of the PHPGurukul Directory Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “searchdata” in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00326
Exploits: 1 | References: 6

CNNVD
added 2026/01/17 12:0 a.m. | 4 views

LigeroSmart code injection vulnerability

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter TicketID in the file /otrs/index.pl, which could lead to cross-site...

CVSS 5.4 | AI score 5.7 | EPSS 0.00196
Exploits: 1 | References: 6

CNNVD
added 2026/01/13 12:0 a.m. | 5 views

Webgrind cross-site scripting vulnerability

Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. A cross-site scripting vulnerability exists in Webgrind 1.1 and earlier versions, which stems from insufficiently encoded user input in the file parameter of index.php, and could lead to a reflectiv...

CVSS 6.1 | AI score 5.6 | EPSS 0.003
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/13 12:0 a.m. | 9 views

PT-2026-2429

Name of the Vulnerable Software and Affected Versions: Webgrind version 1.1. Description: Webgrind version 1.1 contains a remote command execution issue. Unauthenticated attackers can inject OS commands through the dataFile parameter in the 'index.php' file. Attackers can execute arbitrary system...

CVSS 9.8 | AI score 7.5 | EPSS 0.01459
Exploits: 1 | References: 5

CNNVD
added 2026/01/12 12:0 a.m. | 3 views

QloApps security vulnerability

QloApps is a hotel management and reservation system from QloApps open source. A security vulnerability exists in QloApps version 1.5.1, which stems from a cross-site request forgery issue in index.php that could allow an attacker to change the administrator's email address via a specially crafte...

CVSS 5.4 | AI score 6.6 | EPSS 0.00122
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 12:32 p.m. | 11 views

CVE-2023-4110

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...

CVSS 6.1 | AI score 6.1 | EPSS 0.01766
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. | 6 views

CVE-2023-4559

A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api=user=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be...

CVSS 9.8 | AI score 7.3 | EPSS 0.00519
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/01 9:2 a.m. | 6 views

CVE-2026-0544 itsourcecode School Management System index.php sql injection

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public an...

CVSS 7.5 | AI score 6.7 | EPSS 0.00333
Exploits: 1 | References: 5

CVE
added 2025/12/31 2:2 a.m. | 14 views

CVE-2025-15372

The vulnerability is in youlaitech Vue3 Element Admin up to 3.4.0, affecting the Notice Handler component (src/views/system/notice/index.vue). The issue enables cross-site scripting due to unspecified input handling, with remote exploitation possible and a public PoC available. Multiple sources r...

CVSS 4.8 | AI score 5.3 | EPSS 0.00235
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/12/31 12:0 a.m. | 2 views

vue3-element-admin security vulnerability

vue3-element-admin is a backend administration front-end template open-sourced by the Yurai Open Source Organization. A security vulnerability exists in vue3-element-admin version 3.4.0 and earlier, which stems from an incorrect operation of the file src/views/system/notice/index.vue, which could...

CVSS 4.8 | AI score 3.8 | EPSS 0.00235
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/31 12:0 a.m. | 3 views

PT-2025-54270

A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 4.8 | AI score 5.6 | EPSS 0.00235
Exploits: 1 | References: 6

Cvelist
added 2025/12/30 10:41 p.m. | 23 views

CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

CVSS 9.8 | EPSS 0.00815
Exploits: 2 | References: 5

Positive Technologies
added 2025/12/30 12:0 a.m. | 3 views

PT-2025-54232

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

CVSS 8.8 | AI score 8.5 | EPSS 0.00815
Exploits: 2 | References: 7

EUVD
added 2025/12/23 12:30 a.m. | 17 views

EUVD-2023-60245

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

CVSS 9.3 | AI score 7.9 | EPSS 0.00661
Exploits: 2 | References: 5

OSV
added 2025/12/22 10:16 p.m. | 3 views

CVE-2023-53960

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

CVSS 9.8 | AI score 6 | EPSS 0.00661
Exploits: 2 | References: 4

CNNVD
added 2025/12/22 12:0 a.m. | 5 views

SQL injection vulnerability in multiple SOUND4 products

SOUND4 IMPACT and others are products of the French company SOUND4. SOUND4 IMPACT is a professional audio processor for broadcasting. SOUND4 FIRST is an audio processor for broadcasting. SOUND4 PULSE is an audio processor. A SQL injection vulnerability exists in several SOUND4 products. The...

CVSS 9.8 | AI score 7.9 | EPSS 0.00661
Exploits: 2 | References: 5

CNVD
added 2025/12/18 12:0 a.m. | 5 views

Class and Exam Timetable Management /index.php File SQL Injection Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

CVSS 9.8 | AI score 7.9 | EPSS 0.00547
Exploits: 1 | References: 1

OSV
added 2025/12/17 8:15 p.m. | 7 views

CVE-2025-65233

Reflected cross-site scripting (XSS) in SLiMS slims9bulian before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVSS 6.1 | AI score 6.2 | EPSS 0.00184
Exploits: 1 | References: 2