CVE-2025-7521

CVE-2025-7521 affects PHPGurukul Vehicle Parking Management System v1.13. The vulnerability is a SQL injection in the /admin/index.php file where the Username parameter can be manipulated to execute SQL commands remotely. Public disclosure of the exploit is noted. Connected sources consistently d...

PHPGurukul Vehicle Parking Management System 注入漏洞

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter Username in file /admin/index.php that lacks validation of an externally entered SQL statement. An attacker can...

PHPGurukul Zoo Management System 安全漏洞

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...

CVE-2025-7100 BoyunCMS Index.php unrestricted upload

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The...

CVE-2025-7100 BoyunCMS Index.php unrestricted upload

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The...

BoyunCMS 安全漏洞

BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter image in the file /application/user/controller/Index.php, which may lead to arbitra...

CVE-2025-6446

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /clientdetails/admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated...

CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to t...

CVE-2025-6310 PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely...

CVE-2025-6310

PHPGurukul Emergency Ambulance Hiring Portal 1.0 is affected by a SQL injection in /index.php via the Message parameter. The issue can be exploited remotely; reports indicate public disclosure of the exploit. Impact reportedly includes confidentiality, integrity, and availability compromise. Ther...

CVE-2025-45786

Real Estate Management 1.0 is vulnerable to Cross Site Scripting XSS in /store/index.php...

CVE-2025-5628 SourceCodester Food Menu Manager Add Menu index.php cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...

CVE-2025-5628

CVE-2025-5628 affects SourceCodester Food Menu Manager 1.0. The vulnerability lies in the Add Menu Handler’s file, specifically the /index.php, where manipulation of the name/description parameter enables a cross-site scripting (XSS) attack. The issue can be triggered remotely and the exploit has...

1000 Projects Online Notice Board 注入漏洞

1000 Projects Online Notice Board is an open source online bulletin board from 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Online Notice Board, which originates from a SQL injection due to incorrect manipulation of the parameter email in the file /index.php...

PT-2025-22952 · Unknown · Campcodes Advanced Online Voting System

Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file /index.php. The manipulation of the voter argument leads to SQL injection. It is possible to...

CVE-2025-5114 easysoft zentaopms Editor index.php edit deserialization

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

CVE-2024-32236

An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...

CVE-2024-2917

A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The...

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api=readdata=connectivitytest which reaches /system/api.php...

CVE-2024-25304

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."...