CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

EUVD-2026-33558

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

CVE-2026-10225

The CVE describes a SQL injection in the raisulislamg4 student_management_system_by_php, affecting the Login component via login_check.php when manipulating the Username argument. The issue is exploitable remotely over a NETWORK attack vector with LOW attack complexity and NO privileges required,...

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

CVE-2026-45620

Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.

AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-6165

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-6165 code-projects Vehicle Showroom Management System Login_check.php sql injection

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-6165

CVE-2026-6165 affects code-projects Vehicle Showroom Management System 1.0. The vulnerability resides in an unknown code path within /util/Login_check.php, where manipulating the argument ID can trigger SQL injection. Attacks can be launched remotely, and the exploit is publicly available (POC). ...

Code-Projects Vehicle Showroom Management System SQL注入漏洞

Code-Projects Vehicle Showroom Management System is an open-source automotive showroom management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...

PT-2026-32276

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

BIT-JOOMLA-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVE-2026-21629

Joomla Core ACL hardening in com_ajax is documented in JOOMLA-1027, affecting Joomla! CMS versions 3.0.0–5.4.3 and 6.0.0–6.0.3 . The change concerns access control within the com_ajax component; no exploit, vector, or mitigation details are provided in the connected document. No remediation versi...