
846 matches found

EUVD
added 2025/12/17 12:0 a.m., 4 views

EUVD-2025-203916

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

CVSS 6.1, AI score 5.8, EPSS 0.00184
Exploits: 1, References: 3

CVE
added 2025/12/17 12:0 a.m., 9 views

CVE-2025-65233

CVE-2025-65233 affects SLiMS (slims9_bulian) prior to 9.6.0. The vulnerability is a reflected XSS in index.php/sysconfig.inc.php caused by improper handling of $_SERVER['PHP_SELF'], allowing remote attackers to trigger arbitrary JavaScript in victims’ browsers via a crafted URL path. Data in conn...

CVSS 6.1, AI score 5.9, EPSS 0.00184
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2025/12/13 5:52 a.m., 6 views

Privilege Escalation

alextselegidis/easyappointments is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the index.php file, which allows a remote attacker to escalate privileges by exploiting insufficient authorization checks...

CVSS 9.8, AI score 5.8, EPSS 0.00767
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2025/12/11 8:2 p.m., 6 views

EUVD-2025-202874

A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be...

CVSS 7.5, AI score 6.5, EPSS 0.00547
Exploits: 1, References: 8

CNNVD
added 2025/12/11 12:0 a.m., 4 views

Code-Projects Class and Exam Timetable Management Security Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

CVSS 9.8, AI score 7.9, EPSS 0.00547
Exploits: 1, References: 7

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202293

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

AI score 6.3, EPSS 0.00222
Exploits: 1, References: 2

NVD
added 2025/12/08 6:15 p.m., 7 views

CVE-2025-14259

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5, EPSS 0.00192
Exploits: 0, References: 4

Vulnrichment
added 2025/12/08 6:2 p.m., 5 views

CVE-2025-14259 Jihai Jshop MiniProgram Mall System api.html sql injection

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument catid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5, AI score 6.6, EPSS 0.00192
Exploits: 0, References: 4

Positive Technologies
added 2025/12/08 12:0 a.m., 7 views

PT-2025-49584

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat id results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5, AI score 7, EPSS 0.00192
Exploits: 0, References: 5

RedhatCVE
added 2025/12/01 9:22 a.m., 12 views

CVE-2025-13786

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVSS 9.8, AI score 6.9, EPSS 0.00485
Exploits: 1, References: 1

NVD
added 2025/11/30 9:15 a.m., 9 views

CVE-2025-13786

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVSS 9.8, EPSS 0.00485
Exploits: 1, References: 5

CNNVD
added 2025/11/30 12:0 a.m., 5 views

wtcms Code Injection Vulnerability

wtcms is a ThinkPHP-based content management system (CMS) by Taosir Individual Developer. A code injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter content in the file /index.php, which could lead to code injection...

CVSS 9.8, AI score 7.6, EPSS 0.00485
Exploits: 1, References: 5

CNVD
added 2025/11/27 12:0 a.m., 3 views

Library System index.php File SQL Injection Vulnerability

Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...

CVSS 9.8, AI score 8.3, EPSS 0.00339
Exploits: 1, References: 1

RedhatCVE
added 2025/11/24 3:34 p.m., 7 views

CVE-2025-13554

A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit h...

CVSS 9.8, AI score 7, EPSS 0.00339
Exploits: 1, References: 1

OSV
added 2025/11/24 3:16 a.m., 2 views

CVE-2025-13578

A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVSS 9.8, AI score 5.7, EPSS 0.00339
Exploits: 1, References: 5

EUVD
added 2025/11/24 2:2 a.m., 4 views

EUVD-2025-198600

A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

CVSS 7.5, AI score 6.6, EPSS 0.00339
Exploits: 1, References: 6

CVE
added 2025/11/23 5:32 p.m., 12 views

CVE-2025-13561

This CVE concerns SourceCodester Company Website CMS 1.0. The vulnerability exists in the /admin/index.php code where manipulation of the Username parameter enables SQL injection. Remote exploitation is possible, and public exploit disclosure is noted. Multiple connected sources corroborate the i...

CVSS 9.8, AI score 7.3, EPSS 0.00339
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2025/11/23 3:2 p.m., 2 views

CVE-2025-13554 Campcodes Supplier Management System Login index.php sql injection

A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. It is possible to launch the attack remotely. The exploit h...

CVSS 7.5, AI score 6.7, EPSS 0.00339
Exploits: 1, References: 5

CNNVD
added 2025/11/23 12:0 a.m., 3 views

SourceCodester Company Website CMS SQL Injection Vulnerability

SourceCodester Company Website CMS is a SourceCodester open source content management system. A SQL injection vulnerability exists in SourceCodester Company Website CMS version 1.0, which originates from the incorrect operation of the parameter Username in the file /admin/index.php, which may lea...

CVSS 9.8, AI score 7.8, EPSS 0.00339
Exploits: 1, References: 6

CNNVD
added 2025/11/23 12:0 a.m., 4 views

CampCodes Supplier Management System SQL Injection Vulnerability

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in Campcodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtUsername in the file /index.php, which could lead to S...

CVSS 9.8, AI score 7.8, EPSS 0.00339
Exploits: 1, References: 6