CVE-2026-9575

CVE-2026-9575 affects the itsourcecode Student Transcript Processing System 1.0. The flaw arises from improper handling of the ID argument in the PHP file at /admin/modules/class/index.php?view=view, enabling SQL injection. It is a remote, unauthenticated risk with PoC-level exploit maturity and ...

EUVD-2026-26867

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which stems from the operation of the Category function in the...

CVE-2026-7044 GreenCMS index.php themeadd unrestricted upload

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

EUVD-2018-21786

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

CVE-2018-25270

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

CVE-2026-6561 EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

PT-2026-33618

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit...

EUVD-2026-23440

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php...

Exploit for CVE-2026-37749

CVE-2026-37749 CVE-2026-37749 — CodeAstro Simple Attendance...

SourceCodester Sales and Inventory System 安全漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the msg parameter i...

PT-2026-29053

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

CVE-2026-30556

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

CVE-2021-27519

A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter...

CVE-2026-4877

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-4877 itsourcecode Payroll Management System index.php cross site scripting

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-4877 itsourcecode Payroll Management System index.php cross site scripting

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2019-25632 phpFileManager 1.7.8 Local File Inclusion via index.php

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

CVE-2019-25632 phpFileManager 1.7.8 Local File Inclusion via index.php

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...