23 matches found
CVE-2026-2356
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'registermember' function, due to missing validation on the 'memberid' user...
PT-2026-22113
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2 via the 'register member' function, due to missing validation on the 'member id' user...
PT-2026-20467
CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter...
CVE-2025-14052 youlaitech youlai-mall members getMemberById access control
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out...
youlai-mall Access Control Error Vulnerability
youlai-mall is a full-stack mall system by youlaitech open source. An access control error vulnerability exists in youlai-mall version 1.0.0 and 2.0.0, which stems from incorrect manipulation of the parameter memberId in the file /mall-ums/app-api/v1/members, which could lead to improper access...
itsourcecode Gym Management System Security Vulnerability
itsourcecode Gym Management System is an open source gym management system by itsourcecode. A security vulnerability exists in itsourcecode Gym Management System version 1.0, which is caused by SQL injection due to the operation of the parameter memberid in the file /ajax.php?action=saveschedule...
CVE-2025-4195
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /ajax.php?action=savemember. The manipulation of the argument umemberid leads to sql injection. The attack can be initiated remotely. The...
Code-Projects Blood Bank Management System Injection Vulnerability
Code-Projects Blood Bank Management System is a Code-Projects open source blood bank management system. An injection vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which stems from an incorrect manipulation of the parameter memberid that can lead to SQL injection...
CVE-2023-4846
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file deletemember.php. The manipulation of the argument memid leads to sql injection. The attack may be initiated remotely. The exploit has be...
Muslim Matrimonial Script SQL Injection Vulnerability
Muslim Matrimonial Script is a community matrimonial script for matrimonial websites by PHP Scripts Mall. PHP Scripts Mall Muslim Matrimonial Script has a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the view-profile.php memid parameter...
CVE-2017-17983
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...
CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...
PT-2012-5159 · Pbboard · Pbboard
Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the username parameter to the "send page", the email parameter to the "forget page"...
PT-2012-5160 · Pbboard · Pbboard
Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...
micecms a "tasteless" vulnerability and the Fix attached to the EXP-bug warning-the black bar safety net
Not to say this loophole. what are the requirements but directly change the administrator password such as you into the background after the real administrator are not more don't know the new password is what, so only tasteless Classic white look at the code!.......... index\setpwdAction.php The...
iWiccle 1.01 Local File Inclusion / SQL Injection
iWiccle 1.01 LFI/SQL Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://www.wiccle.com/index.php?module=wiccle&show=download + Local File Inclusion - PoC's...
DigitalHive 2.0 RC2 - 'user_id' SQL Injection
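Invision Power Board SQL Toolbox Multiple Security Vulnerabilities
Invision Power Board is a very popular PHP forum program. The IPB Toolbox has a vulnerability in how it handles requests, which a remote attacker may exploit to gain unauthorized access to the database. If an administrator has access to the Invision Power Board SQL Toolbox and views a malicious image in the browser, the administrator may be redirected so that SQL commands are forcibly executed through the SQL Toolbox. This attack is hard to detect because only the image, not the page, is redirected. Invision PS IPB = 2.1.7 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.invisionpower.com/...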
Invision Gallery 2.0.7 - 'readfile()' / SQL Injection
2.0.7 ReadFile & SQL injection exploit. Uzage: ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; - params: - path to local file ../file, for example: ../../../../../etc/passwd s0, if u want to get...
Invision Gallery <= 2.0.7 ReadFile() & SQL Injection Exploit
No description provided by source. hellknights.void.ru, coded by 1nf3ct0r. Invision Gallery = 2.0.7 ReadFile & SQL injection exploit. Uzage: ReadFile: - syntax: readfile 1 host...