23 matches found

NVD
added 2026/05/07 4:16 p.m. · 5 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

CVSS 9.8 · EPSS 0.00021
Exploits: 0 · References: 2

EUVD
added 2026/03/24 6:31 a.m. · 2 views

EUVD-2026-14738

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to SQL injection. The attack may be performed fr...

CVSS 7.5 · AI score 6.9 · EPSS 0.00045
Exploits: 0 · References: 6

CVE
added 2026/01/21 5:27 p.m. · 11 views

CVE-2021-47871

CVE-2021-47871 affects Hestia Control Panel 1.3.2. An authenticated attacker can exploit the API endpoint index.php via the v-make-tmp-file command to perform arbitrary file writes, potentially placing SSH keys or other content at arbitrary server paths. Impact is high for confidentiality, integr...

CVSS 8.8 · AI score 5.8 · EPSS 0.00077
Exploits: 0 · References: 4

OSV
added 2025/12/30 11:15 p.m. · 0 views

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

CVSS 9.8 · AI score 6 · EPSS 0.01174
Exploits: 2 · References: 5

CVE
added 2025/12/30 10:41 p.m. · 13 views

CVE-2022-50794

CVE-2022-50794 affects SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below. An unauthenticated command injection exists via the HTTP POST username parameter in index.php and login.php, enabling execution of arbitrary shell commands with network access. Public details identify the vulnerable comp...

CVSS 9.8 · AI score 7.9 · EPSS 0.01174
Exploits: 2 · References: 5 · Affected Software: 1

Vulnrichment
added 2025/12/30 10:41 p.m. · 1 views

CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

CVSS 9.8 · AI score 7.9 · EPSS 0.01174
Exploits: 2 · References: 5

OSV
added 2025/12/22 10:16 p.m. · 1 views

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.3 · AI score 6.1
Exploits: 0 · References: 4

NVD
added 2025/12/22 10:16 p.m. · 1 views

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.8 · EPSS 0.02612
Exploits: 2 · References: 4

Positive Technologies
added 2025/12/22 12:0 a.m. · 1 views

PT-2025-52700

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x Description: The software contains an unauthenticated OS command injection issue that allows remote attackers to execute arbitrary shell commands. This is possible through the 'password' parameter in t...

CVSS 9.8 · AI score 8.1 · EPSS 0.02612
Exploits: 2 · References: 9

CVE
added 2025/09/09 12:2 a.m. · 13 views

CVE-2025-10113

CVE-2025-10113 affects itsourcecode Student Information Management System 1.0. The vulnerability is a SQL injection in /admin/modules/room/index.php caused by manipulation of the ID argument. Remote exploitation is possible, and the exploit has been publicly disclosed. Some sources note a workaro...

CVSS 9.8 · AI score 7.2 · EPSS 0.0009
Exploits: 1 · References: 5 · Affected Software: 1

OSSF Malicious Packages
added 2025/07/28 8:15 p.m. · 2 views

Malicious code in udn_extras (npm)

The package is a malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server webhook.site via an HTTPS POST request. This...

AI score 6.6
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/03 12:0 a.m. · 2 views

PT-2024-26276 · Unknown · Phpgurukul Online Fire Reporting System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A SQL Injection issue exists in the ofrs/admin/index.php script, allowing attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the...

CVSS 9.1 · AI score 7.8 · EPSS 0.00035
Exploits: 1 · References: 8

Positive Technologies
added 2024/01/28 12:0 a.m. · 6 views

PT-2024-15962 · Unknown · Asterisk-Cli +1

Name of the Vulnerable Software and Affected Versions: Issabel PBX version 4.0.0 Description: A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. The manipulation of the argument Command leads to OS command injection. The attack may be...

CVSS 9.8 · AI score 7.7 · EPSS 0.80633
Exploits: 2 · References: 11

CNNVD
added 2023/08/03 12:0 a.m. · 1 views

Availability Booking Calendar PHP Cross Site Scripting Vulnerability

Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in Availability Booking Calendar PHP version 5.0, which stems from the parameter sessionid in the file /index.php that causes cross-site scripting...

CVSS 6.1 · AI score 6 · EPSS 0.06662
Exploits: 2 · References: 4

CNNVD
added 2023/03/24 12:0 a.m. · 1 views

Osprey Pump Controller Operating System Command Injection Vulnerability

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...

CVSS 9.8 · AI score 8.9 · EPSS 0.02009
Exploits: 2 · References: 3

CNNVD
added 2023/03/21 12:0 a.m. · 2 views

eXtplorer Security Vulnerability

eXtplorer is a PHP-based file manager. A security vulnerability exists in eXtplorer version v.2.1.15, which stems from an insecure privilege vulnerability that can be exploited by remote attackers to execute arbitrary code via the index.php component...

CVSS 8.8 · AI score 8.5 · EPSS 0.45154
Exploits: 2 · References: 5

OSV
added 2022/08/30 10:15 p.m. · 1 views

CVE-2022-36748

PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php...

CVSS 6.1 · AI score 5.7 · EPSS 0.0023
Exploits: 1 · References: 1

OSV
added 2020/12/23 7:15 p.m. · 0 views

CVE-2020-35598

ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. NOTE: this might be the same as CVE-2009-4623...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 1

OSV
added 2018/12/28 4:29 p.m. · 0 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2018/01/24 12:0 a.m. · 2 views

PT-2018-17274

Name of the Vulnerable Software and Affected Versions: Flexible Poll version 1.2 Description: A SQL Injection issue exists, allowing exploitation via the id parameter to "mobile preview.php" or "index.php" API endpoints. Recommendations: For Flexible Poll version 1.2, avoid using the id parameter...

CVSS 9.8 · AI score 5.9 · EPSS 0.01646
Exploits: 5 · References: 3