Lucene search

53 matches found

Positive Technologies
added 2026/06/03 12:0 a.m., 16 views

PT-2026-45890

Name of the Vulnerable Software and Affected Versions SourceCodester Online Food Ordering System version 2.0 Description A remote file inclusion issue exists in the /index.php file. The include function is susceptible to manipulation via the page argument, allowing an attacker to include arbitrar...

CVSS 7.5, AI score 7.2, EPSS 0.00302
Exploits: 0, References: 10

ATTACKERKB
added 2026/05/30 6:0 a.m., 8 views

CVE-2026-10110

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

CVSS 7.5, AI score 7, EPSS 0.00313
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2026/04/25 12:0 a.m., 6 views

PT-2026-35168

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated...

CVSS 4.8, AI score 3.1, EPSS 0.00245
Exploits: 0, References: 4

CNNVD
added 2026/04/05 12:0 a.m., 7 views

SourceCodester Record Management System SQL injection vulnerability

The SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the...

CVSS 7.5, AI score 7.2, EPSS 0.00271
Exploits: 0, References: 5

Cvelist
added 2026/03/12 3:37 p.m., 26 views

CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

CVSS 8.8, EPSS 0.0046
Exploits: 1, References: 2

Vulnrichment
added 2026/03/11 3:2 p.m., 6 views

CVE-2026-3946 PHPEMS index.php cross site scripting

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

CVSS 5.1, AI score 4.3, EPSS 0.00191
Exploits: 0, References: 5

Cvelist
added 2026/03/08 4:2 a.m., 25 views

CVE-2026-3702 SourceCodester Loan Management System index.php cross site scripting

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

CVSS 5.3, EPSS 0.00305
Exploits: 1, References: 5

Positive Technologies
added 2026/03/06 12:0 a.m., 5 views

PT-2026-23687

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8, AI score 6.1, EPSS 0.00251
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/02 2:53 p.m., 4 views

CVE-2025-50190

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assochandle parameter with the /index.php script. This issue has been patched in version 1.11.30...

CVSS 9.8, AI score 5.9, EPSS 0.00587
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/01/15 12:0 a.m., 3 views

CVE-2025-65349

A Stored Cross-Site Scripting XSS vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at...

AI score 5.3, EPSS 0.0023
Exploits: 1, References: 2

OSV
added 2025/11/20 4:15 p.m., 4 views

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version= 4.7.18.0.eden:Logic Version=6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /index.php component...

CVSS 6.1, AI score 6.1, EPSS 0.0027
Exploits: 1, References: 1

CNVD
added 2025/11/20 12:0 a.m., 4 views

Online Voting System /index.php File Code Problem Vulnerability

Online Voting System is an online voting system. Online Voting System has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of file /index.php. An attacker can exploit this vulnerability to upload malicious files...

CVSS 8.8, AI score 7.3, EPSS 0.0027
Exploits: 1, References: 1

CNNVD
added 2025/11/20 12:0 a.m., 7 views

Ilevia EVE X1 Server security vulnerability

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server that stems from a cross-site scripting vulnerability in the /index.php component that could lead to the execution of arbitrary code...

CVSS 6.1, AI score 6.2, EPSS 0.0027
Exploits: 1, References: 2

NVD
added 2025/10/27 7:15 a.m., 4 views

CVE-2025-12237

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be us...

CVSS 9.8, EPSS 0.00434
Exploits: 1, References: 4

EUVD
added 2025/10/21 12:0 a.m., 4 views

EUVD-2025-35168

Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...

CVSS 6.1, AI score 5.3, EPSS 0.00177
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-27081

Malicious code in bioql PyPI...

CVSS 6.1, AI score 4.9, EPSS 0.00386
Exploits: 1, References: 7

CVE
added 2025/09/30 12:0 a.m., 13 views

CVE-2025-57254

An SQL injection vulnerability affects Karthikg1908 Hospital Management System (HMS) 1.0, in user-login.php and index.php. The issue arises from improper input sanitization of username and password POST parameters, allowing remote attackers to execute arbitrary SQL queries. Consequences listed in...

CVSS 6.5, AI score 8.2, EPSS 0.00249
Exploits: 0, References: 2

NVD
added 2025/09/15 10:15 p.m., 5 views

CVE-2025-57118

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php...

CVSS 9.8, EPSS 0.00527
Exploits: 1, References: 2

Vulnrichment
added 2025/09/15 12:0 a.m., 5 views

CVE-2025-57118

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php...

AI score 6.9, EPSS 0.00527
Exploits: 1, References: 2

CNNVD
added 2025/09/15 12:0 a.m., 3 views

SourceCodester Online Student File Management SQL injection vulnerability

SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A SQL injection vulnerability exists in SourceCodester Online Student File Management version 1.0, which originates from an incorrect manipulation of the parameter studentno in the...

CVSS 9.8, AI score 7.7, EPSS 0.00398
Exploits: 1, References: 6