973 matches found
Code-Projects Online Lot Reservation System 注入漏洞
Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the Code-Projects Online Lot Reservation System prior to 1.0 contained a SQL injection vulnerability, which stemmed from the handling of parameters email/password in the...
PT-2026-35436
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-7063
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
CVE-2026-7063
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
Code-Projects Employee Management System 注入漏洞
Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the pwd parameter in the...
PT-2026-35270
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
TOTOLINK A3300R password parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...
EUVD-2026-25239
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
TOTOLINK A3300R 命令注入漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...
PT-2026-34670
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31159
The CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command-injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...
CVE-2026-6015 Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...
CVE-2026-5669
A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injection. It is possibl...