EUVD-2025-208158

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

CVE-2025-50189

Chamilo LMS prior to 1.11.30 is vulnerable to an error-based SQL injection arising from insufficient validation of user-supplied data in POST resource[document][SQL_INJECTION_HERE] and in POST login parameters at /main/coursecopy/copy_course_session_selected.php. The vulnerability can allow an at...

CVE-2019-25320 elearning-script 1.0 - Authentication Bypass

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

Code-Projects Online Reviewer System SQL注入漏洞

The Code-Projects Online Reviewer System is an online review system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Reviewer System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters username and password in t...

CVE-2019-25233 AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser...

Class and Exam Timetable Management /index.php File SQL Injection Vulnerability

Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...

PT-2025-47127

Name of the Vulnerable Software and Affected Versions SourceCodester Dental Clinic Appointment Reservation System version 1.0 Description A flaw exists in SourceCodester Dental Clinic Appointment Reservation System that allows for remote SQL injection. Manipulation of the username/password...

CVE-2024-44660

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php...

CVE-2024-46334

CVE-2024-46334 affects Kashipara School Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable through the parameters formuser and formpassword in /adminLogin.php . The root cause is unvalidated/sanitized user input in this login endpoint, enabling scripts to be...

CVE-2024-55016

PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php...

CVE-2024-55016

PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php...

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23547)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23560)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23559)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23551)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS v25.03, which originates from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the fi...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23548)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...