27 matches found
SourceCodester Resort Reservation System SQL Injection Vulnerability
The SourceCodester Resort Reservation System is an open-source resort reservation system developed by SourceCodester. Version 1.0 of the SourceCodester Resort Reservation System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “q” in the file...
CVE-2019-25461
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...
Unmark Code Injection Vulnerability
Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions suffer from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in the file...
PT-2025-36458
Name of the Vulnerable Software and Affected Versions: WebWork (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue exists in WebWork, potentially enabling remote attackers to execute arbitrary code. The vulnerability is triggered through the q and engine reques...
SourceCodester Advanced School Management System Security Vulnerability
SourceCodester Advanced School Management System is an open-source advanced school management system from SourceCodester. A security vulnerability exists in SourceCodester Advanced School Management System version 1.0, which originates from a SQL injection caused by improper handling of parameter q in...
PT-2025-35359
Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced School Management System version 1.0. Description: A SQL injection issue exists in SourceCodester Advanced School Management System 1.0. The vulnerability is located in an unknown function within the /index.php/stock/it...
PHPGurukul COVID19 Testing Management System Code Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in parameter q in file...
PT-2024-17188 · WordPress · G Web Pro Store Locator
Name of the Vulnerable Software and Affected Versions: G Web Pro Store Locator plugin for WordPress versions up to, and including, 2.1. Description: The issue is related to Reflected Cross-Site Scripting via the q parameter due to insufficient input sanitization and output escaping. This allows...
Linkding Cross-Site Scripting Vulnerability
linkding is a self-hosted bookmark manager by the individual developer Sascha Ißbrücker. A cross-site scripting (XSS) vulnerability exists in linkding version 1.23.0, which stems from the parameter q. The vulnerability is caused by the use of the parameter q ...
CVE-2023-45542
Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function...
mooSocial Cross-Site Scripting Vulnerability
mooSocial is a multi-platform, mobile-ready, user-friendly script from mooSocial, Inc. for building community-driven content sharing and social networking sites. A cross-site scripting vulnerability exists in mooSocial version 3.1.8, which stems from the application's lack of effective filtering...
saemorris TheRadSystem Cross-Site Scripting Vulnerability
TheRadSystem is a Cmput 391 project by the individual developer saemorris. A cross-site scripting vulnerability exists in saemorris TheRadSystem, which stems from a problem with an unknown function in the file users.php, which can be exploited by an attacker to manipulate the parameter q to cause...
Frappe Technologies Frappe Cross-Site Scripting Vulnerability
Frappe Technologies Frappe is a Python- and MariaDB-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe prior to version 2.5.0, which stems from unknown functionality in the component Search in...
Sanitization Management System Cross-Site Scripting Vulnerability
Sanitization Management System is a sanitization management system by the individual developer Carlo Montero. A security vulnerability exists in Sanitization Management System, which originates from unknown functionality in the file admin/?page=systeminf, and can be exploited by an attack...
WordPress Plugin Transposh WordPress Translation Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Transposh WordPress...
Cross-site Scripting (XSS)
Overview: whoogle-search is a self-hosted, ad-free, privacy-respecting metasearch engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that i...
EasyService Billing SQL Injection Vulnerability
EasyService Billing is a PHP-based service-oriented consumer business management system. A SQL injection vulnerability exists in the 'q' parameter of the jobcard-ongoing.php file in EasyService Billing version 1.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL command...
SQL Injection
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0...
CVE-2018-11444
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0...