846 matches found
EUVD-2025-203916
Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...
CVE-2025-65233
CVE-2025-65233 affects SLiMS (slims9_bulian) prior to 9.6.0. The vulnerability is a reflected XSS in index.php/sysconfig.inc.php caused by improper handling of $_SERVER['PHP_SELF'], allowing remote attackers to trigger arbitrary JavaScript in victims’ browsers via a crafted URL path. Data in conn...
Privilege Escalation
alextselegidis/easyappointments is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the index.php file, which allows a remote attacker to escalate privileges by exploiting insufficient authorization checks...
EUVD-2025-202874
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...
Code-Projects Class and Exam Timetable Management 安全漏洞
Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...
EUVD-2025-202293
An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...
CVE-2025-14259
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...
CVE-2025-14259 Jihai Jshop MiniProgram Mall System api.html sql injection
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...
PT-2025-49584
A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat id results in sql injection. The attack may be launched remotely. The exploit has been made public and...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
wtcms 代码注入漏洞
wtcms is a ThinkPHP-based content management system CMS by Taosir Individual Developer. A code injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter content in the file /index.php, which could lead to code injection...
Library System index.php File SQL Injection Vulnerability
Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...
CVE-2025-13554
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-13578
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
EUVD-2025-198600
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
CVE-2025-13561
This CVE concerns SourceCodester Company Website CMS 1.0. The vulnerability exists in the /admin/index.php code where manipulation of the Username parameter enables SQL injection. Remote exploitation is possible, and public exploit disclosure is noted. Multiple connected sources corroborate the i...
CVE-2025-13554 Campcodes Supplier Management System Login index.php sql injection
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit h...
SourceCodester Company Website CMS SQL注入漏洞
SourceCodester Company Website CMS is a SourceCodester open source content management system. A SQL injection vulnerability exists in SourceCodester Company Website CMS version 1.0, which originates from the incorrect operation of the parameter Username in the file /admin/index.php, which may lea...
CampCodes Supplier Management System SQL注入漏洞
CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in Campcodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtUsername in the file /index.php, which could lead to S...