24 matches found
CVE-2026-7856
CVE-2026-7856 affects D-Link DI-8100 Web Management Interface; a buffer overflow in /url_member.asp when manipulating the Name parameter can be triggered remotely. An exploit has been published; details on remediation/patch are not provided in the available documents.
D-Link DI-8003 Security Vulnerability
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability stems from the name parameter in the /urlmember.asp endpoint failing to properly validate the length and size of the input data, which can be...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to SQL injection. The attack can be launched remotely. The exploit has...
PT-2025-41252
Name of the Vulnerable Software and Affected Versions: projectworlds Advanced Library Management System version 1.0 Description: A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution. The issue is related to the manipulation of the user id argument...
itsourcecode Gym Management System Injection Vulnerability
itsourcecode Gym Management System is an open source gym management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Gym Management System, which results from SQL injection due to incorrect manipulation of the parameter ID in the file /viewmember.php...
CVE-2024-46236
CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in addmembers.php and editmember.php...
SeaCMS Cross-Site Request Forgery Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A cross-site request forgery vulnerability exists in SeaCMS version 13.0, which stems from the fact that manipulation of the parameters...
CVE-2023-44484
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php...
PT-2023-32026 · Unknown · Online Blood Donation Management System
Name of the Vulnerable Software and Affected Versions: Online Blood Donation Management System version 1.0 Description: The issue concerns multiple Stored Cross-Site Scripting vulnerabilities. The city parameter of the "users/register.php" resource is copied into the "users/member.php" document as...
CVE-2022-30376
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/viewmember.php?id=...
CVE-2022-25096
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/viewmember.php...
SQL Injection Vulnerability in BEESCMS Frontend member.php and order_save.php Pages
BEESCMS is an enterprise website management system based on PHP+MySQL architecture. A SQL injection vulnerability exists in the BEESCMS frontend member.php and order_save.php pages. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in PHPMyWind member.php File
PHPMyWind is a PHP MySQL-based development, W3C-compliant building engine. A SQL injection vulnerability exists in the PHPMyWind member.php file. The vulnerability is due to the $sql variable being passed in directly by a parameter, allowing an attacker to exploit the vulnerability to obtain...
Cross-site scripting vulnerability in the member.php page of UQCMS cloud commerce system
UQCMS cloud business system is B2B2C e-commerce software; the program uses PHP+MySQL and the templates use Smarty. The UQCMS member.php page contains a cross-site scripting vulnerability that can be exploited by attackers to insert malicious code to pop-up boxes and obtain user cookies and...
greece-athens.com XSS vulnerability
Open Bug Bounty ID: OBB-423924

Description | Value
---|---
Affected Website: | greece-athens.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
Arbitrary File Upload Vulnerability in the Frontend '/member.php' Page of the NIUSHOP Open Source Mall System
NiuShop open source mall system is a PHP open source e-commerce system designed and developed entirely independently by Shanxi Niu Cool Information Technology Co., Ltd. An arbitrary file upload vulnerability exists in the frontend '/member.php' page of the NIUSHOP open source mall system. As the...
Frontend Arbitrary User Password Reset Vulnerability in S-CMS v3.0 build20170522
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. An arbitrary user password reset vulnerability exists in the frontend /member/membersetpwd.asp page of S-CMS v3.0 build20170522, allowing an attacker to use the vulnerability to reset any frontend user...