53 matches found
PT-2026-45890
Name of the Vulnerable Software and Affected Versions SourceCodester Online Food Ordering System version 2.0 Description A remote file inclusion issue exists in the /index.php file. The include function is susceptible to manipulation via the page argument, allowing an attacker to include arbitrar...
CVE-2026-10110
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...
PT-2026-35168
A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...
SourceCodester Record Management System SQL注入漏洞
The SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the...
CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...
CVE-2026-3946 PHPEMS index.php cross site scripting
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...
CVE-2026-3702 SourceCodester Loan Management System index.php cross site scripting
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...
PT-2026-23687
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...
CVE-2025-50190
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...
CVE-2025-65349
A Stored Cross-Site Scripting XSS vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at...
CVE-2025-60737
Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...
Online Voting System /index.php File Code Problem Vulnerability
Online Voting System is an online voting system. Online Voting System has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of file /index.php. An attacker can exploit this vulnerability to upload malicious files...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server that stems from a cross-site scripting vulnerability in the /index.php component that could lead to the execution of arbitrary code...
CVE-2025-12237
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be us...
EUVD-2025-35168
Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
EUVD-2025-27081
Malicious code in bioql PyPI...
CVE-2025-57254
An SQL injection vulnerability affects Karthikg1908 Hospital Management System (HMS) 1.0, in user-login.php and index.php. The issue arises from improper input sanitization of username and password POST parameters, allowing remote attackers to execute arbitrary SQL queries. Consequences listed in...
CVE-2025-57118
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php...
CVE-2025-57118
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php...
SourceCodester Online Student File Management SQL注入漏洞
SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A SQL injection vulnerability exists in SourceCodester Online Student File Management version 1.0, which originates from an incorrect manipulation of the parameter studentno in the...