109 matches found
CVE-2026-10170
A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. Manipulation of the argument phone causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be...
CVE-2026-10170 code-projects Visitor Management System phone_0.php SQL injection
A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. Manipulation of the argument phone causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be...
EUVD-2026-27201
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696 Zingaya Click-to-Call <= 1.0 - Reflected Cross-Site Scripting via 'email' Parameter
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-6696
CVE-2026-6696 concerns the Zingaya Click-to-Call plugin for WordPress. The connected documents confirm a Reflected Cross-Site Scripting vulnerability on the plugin’s sign-up admin page, affecting all versions up to and including 1.0. The root cause is insufficient input sanitization and output es...
PT-2026-36957
Name of the Vulnerable Software and Affected Versions: Zingaya Click-to-Call versions prior to 1.1. Description: Insufficient input sanitization and output escaping in the sign-up admin page allow unauthenticated attackers to inject arbitrary web scripts. This occurs via the 'email', 'first name',...
Warranty Tracking System SQL Injection Vulnerability
The Warranty Tracking System is a warranty record management system developed by Warranty Tracking Company. Version 11.06.3 of the Warranty Tracking System contains an SQL injection vulnerability. This vulnerability stems from the txtCustomerCode, txtCustomerName, and txtPhone parameters, which m...
CVE-2025-41006
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...
CVE-2025-41006 Multiple vulnerabilities in Imaster products
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...
EUVD-2026-1937
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...
CVE-2025-41006
CVE-2025-41006 affects Imaster MEMS Events CRM with an SQL injection in the phone parameter of the /memsdemo/login.php API. Multiple sources confirm the vulnerability and describe it as allowing full database access without authentication. The issue is centered on the phone input, enabling arbitr...
MEMS - Events CRM SQL Injection Vulnerability
MEMS - Events CRM is a Customer Relationship Management system by the individual developer Nzioka Victor. A SQL injection vulnerability exists in MEMS - Events CRM, which originates from a SQL injection vulnerability in the phone parameter in /memsdemo/login.php...