846 matches found
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, and footer links. An attacker-controlled string placed in the...
CVE-2025-12292
A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...
CVE-2025-12336
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminindex.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is...
EUVD-2025-36199
A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...
CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
CVE-2025-12237 projectworlds Advanced Library Management System index.php sql injection
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be us...
SourceCodester Point of Sales SQL injection vulnerability
SourceCodester Point of Sales is an open source point of sale system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Point of Sales version 1.0, which stems from incorrect manipulation of the parameter Username in the file /index.php, which could lead to a SQL injectio...
Sergestec Exito cross-site scripting vulnerability
Sergestec Exito is a sales platform from Sergestec, Inc. A cross-site scripting vulnerability exists in Sergestec Exito version v8.0, which stems from insufficient validation of user input for the parameter obs in the file /admin/index.php, which could lead to a stored cross-site scripting attack...
Sergestec SISTICK SQL injection vulnerability
Sergestec SISTICK is an enterprise business management platform from Sergestec. A SQL injection vulnerability exists in Sergestec SISTICK v7.2, which stems from incorrect manipulation of the parameter id in the file /index.php?view=ticketdetail, which could lead to a SQL injection attack...
CVE-2025-11736
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may...
CVE-2025-11736 itsourcecode Online Examination System index.php sql injection
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may...
CVE-2025-11736
CVE-2025-11736 affects itsourcecode Online Examination System 1.0. Affected component: file /index.php, where manipulation of the Username parameter enables SQL injection. Root cause: improper handling of input leading to database query manipulation. Impact: remote exploitation with high likeliho...
itsourcecode Online Examination System SQL injection vulnerability
itsourcecode Online Examination System is an open source online examination system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Examination System, which stems from an incorrect manipulation of the parameter Username in the file /index.php, which could...
CVE-2025-11588
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might be used...
EUVD-2025-33832
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validati...
CVE-2025-11594 ywxbear PHP-Bookstore-Website-Example Quantity index.php improper validation of specified quantity in input
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validati...
CVE-2025-11594
The CVE-2025-11594 issue affects ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website (files handling in the Quantity Handler, /index.php). Root cause: insufficient validation of the quantity input, allowing remote manipulation. Exploitation details are publicly disclosed in conn...
PT-2025-41650
Name of the Vulnerable Software and Affected Versions: ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website versions prior to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. Description: A flaw exists in the Quantity Handler component of the software, specifically in the processing of the...