
13 matches found

Cvelist
added 2026/04/10 12:0 a.m. · 23 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

EPSS 0.00319
Exploits: 1 · References: 1
CVE
added 2026/04/10 12:0 a.m. · 10 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...

CVSS 9.8 · AI score 5.9 · EPSS 0.00319
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2026/04/10 12:0 a.m. · 3 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

AI score 5.9 · EPSS 0.00319
Exploits: 1 · References: 1
EUVD
added 2025/12/02 3:30 p.m. · 6 views

EUVD-2025-200225

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser' in '/WS/PDAWebService.asmx'...

CVSS 8.7 · AI score 6.4 · EPSS 0.0021
Exploits: 0 · References: 2
Cvelist
added 2025/10/07 1:55 p.m. · 7 views

CVE-2025-54403

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related ...

CVSS 8.8 · EPSS 0.03686
Exploits: 1 · References: 1
EUVD
added 2025/10/07 1:55 p.m. · 4 views

EUVD-2025-32858

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related ...

CVSS 8.8 · AI score 7.3 · EPSS 0.03686
Exploits: 1 · References: 2
Vulnrichment
added 2025/10/07 1:55 p.m. · 1 views

CVE-2025-54403

Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is related ...

CVSS 8.8 · AI score 7.5 · EPSS 0.03686
Exploits: 1 · References: 1
Positive Technologies
added 2025/10/07 12:0 a.m. · 5 views

PT-2025-41004

Name of the Vulnerable Software and Affected Versions: Planet WGR-500 version 1.3411b190912 Description: Multiple OS command injection flaws exist in the swctrl functionality. A crafted network request can result in arbitrary command execution. The new password request parameter is involved in...

CVSS 8.8 · AI score 7.4 · EPSS 0.03686
Exploits: 1 · References: 6
CNNVD
added 2025/09/12 12:0 a.m. · 3 views

Wavlink WL-WN578W2 Authorization Issue Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An authorization issue vulnerability exists in Wavlink WL-WN578W2 version 221110, which stems from improper privilege management of the parameter newpass/confpass in the file /sysinit.html, which can be exploited by an attacker t...

CVSS 6.9 · AI score 7 · EPSS 0.00439
Exploits: 1 · References: 5
RedhatCVE
added 2025/08/16 3:31 a.m. · 7 views

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

CVSS 8.8 · AI score 7.7 · EPSS 0.00352
Exploits: 1 · References: 1
CNNVD
added 2025/07/14 12:0 a.m. · 3 views

Code-Projects Electricity Billing System Injection Vulnerability

Code-Projects Electricity Billing System is a Code-Projects open source electricity billing system. An injection vulnerability exists in Code-Projects Electricity Billing System version 1.0, which originates from a SQL injection due to the incorrect operation of the parameter newpassword in the...

CVSS 9.8 · AI score 7.8 · EPSS 0.00399
Exploits: 1 · References: 6
OSV
added 2023/05/11 7:15 a.m. · 4 views

CVE-2023-2643

A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/updatepassword.php of the component POST Parameter Handler. The manipulation of the argument newpassword leads to sql injection. The...

CVSS 9.8 · AI score 5.7 · EPSS 0.00726
Exploits: 1 · References: 3
Positive Technologies
added 2012/08/12 12:0 a.m. · 3 views

PT-2012-5160 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...

CVSS 7.5 · AI score 6.7 · EPSS 0.03076
Exploits: 3 · References: 9