4663 matches found
Sequence of Processor Instructions Leads to Unexpected Behavior
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...
GHSA-XW54-C3MX-9PM3 Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...
PT-2026-45043
Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'item delete': in modules/inventory.php. The same fix was not applied to the sibling case 'field delete': handler, which destroys an...
shopper 安全漏洞
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the Livewire component in the product editor, which lacked authorization for the store method. Any...
CVE-2026-9445
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...
CVE-2026-9444
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...
CVE-2026-9302
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...
CVE-2026-9447
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...
CVE-2026-9447
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...
EUVD-2026-31663
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...
CVE-2026-9447
A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...
CVE-2026-9446 SourceCodester Simple POS and Inventory System edit_customer.php sql injection
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...
EUVD-2026-31660
A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...
CVE-2026-9445
CVE-2026-9445 affects SourceCodester Simple POS and Inventory System 1.0. The vulnerability is in an unrestricted upload through the /admin/addproduct.php file (File Extension Handler); manipulating the image argument enables remote code upload. Impact and exploitation details indicate remote exp...
CVE-2026-9445 SourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted upload
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...
CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...
CVE-2026-9444 SourceCodester Simple POS and Inventory System GET Parameter deleteproduct.php delete sql injection
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...
EUVD-2026-31657
A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...
CVE-2026-9444
SourceCodester Simple POS and Inventory System 1.0 is affected in /admin/deleteproduct.php (GET Parameter Handler). The vulnerability occurs when the ID argument is manipulated, resulting in SQL injection. The issue may be exploited remotely and the exploit is public. No additional technical deta...