Lucene search
K

973 matches found

CNNVD
CNNVD
added 2026/04/27 12:0 a.m.8 views

Code-Projects Online Lot Reservation System 注入漏洞

Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the Code-Projects Online Lot Reservation System prior to 1.0 contained a SQL injection vulnerability, which stemmed from the handling of parameters email/password in the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.20 views

PT-2026-35436

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 2026/04/26 11:16 p.m.10 views

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/26 10:30 p.m.2 views

CVE-2026-7063

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.10 views

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the pwd parameter in the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.7 views

PT-2026-35270

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References6
CNVD
CNVD
added 2026/04/24 12:0 a.m.8 views

TOTOLINK A3300R password parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...

6.5CVSS6AI score0.00279EPSS
Exploits1
EUVD
EUVD
added 2026/04/23 6:33 p.m.13 views

EUVD-2026-25239

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
NVD
NVD
added 2026/04/23 6:16 p.m.8 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS0.00279EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/23 12:0 a.m.33 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

0.00279EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...

6.5CVSS6AI score0.00279EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34670

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:0 a.m.4 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/23 12:0 a.m.6 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.1AI score0.00279EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 12:0 a.m.17 views

CVE-2026-31159

The CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command-injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 4:45 a.m.3 views

CVE-2026-6015 Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

9CVSS8AI score0.00811EPSS
Exploits1References5
CVE
CVE
added 2026/04/10 12:0 a.m.13 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...

9.8CVSS5.9AI score0.00319EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.27 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

0.00319EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.4 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

5.9AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.5 views

CVE-2026-5669

A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References1
Rows per page
Query Builder