Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.9 views

PT-2025-38287

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam Form Submission version 1.0 Description: A SQL injection issue exists due to the manipulation of the phone argument in the file /user/dashboard.php?page=update profile. The attack can be launched remotely. The explo...

6.5CVSS6.5AI score0.00308EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.15 views

SourceCodester Online Exam Form Submission SQL注入漏洞

SourceCodester Online Exam Form Submission is a SourceCodester open source online exam submission system. A SQL injection vulnerability exists in SourceCodester Online Exam Form Submission version 1.0, which stems from incorrect manipulation of the parameter phone in the file /user/dashboard.php,...

8.8CVSS6.9AI score0.00308EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/04 9:32 p.m.15 views

CVE-2025-9832

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...

9.8CVSS7.2AI score0.00415EPSS
Exploits1References1
OSV
OSV
added 2025/09/02 9:15 p.m.5 views

CVE-2025-9832

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...

9.8CVSS5.7AI score0.00415EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/09/02 8:32 p.m.12 views

CVE-2025-9832 SourceCodester Food Ordering Management System register-router.php sql injection

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00415EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.7 views

PT-2025-35613

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A security issue exists in SourceCodester Food Ordering Management System 1.0. Manipulation of the phone argument in an unknown function within the...

9.8CVSS7.2AI score0.00415EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/09/02 12:0 a.m.4 views

SourceCodester Food Ordering Management System 安全漏洞

SourceCodester Food Ordering Management System is a SourceCodester open source food ordering management system. A security vulnerability exists in SourceCodester Food Ordering Management System version 1.0, which is caused by a SQL injection due to a mishandling of the parameter phone in the file...

9.8CVSS7.8AI score0.00415EPSS
Exploits1References7
CNVD
CNVD
added 2025/07/28 12:0 a.m.3 views

Exam Form Submission dashboard.php file SQL injection vulnerability

Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00498EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/27 12:0 a.m.4 views

Code-Projects Exam Form Submission 注入漏洞

Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...

9.8CVSS8AI score0.00498EPSS
Exploits1References6
OSV
OSV
added 2025/07/07 1:15 a.m.4 views

CVE-2025-7102

A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS5.7AI score0.00302EPSS
Exploits0References4
CNVD
CNVD
added 2025/07/07 12:0 a.m.1 views

Library System profile.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

9.8CVSS8.3AI score0.00399EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.23 views

BoyunCMS 安全漏洞

BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter phone in the file application/update/controller/Server.php, which may lead to SQL...

9.8CVSS6.8AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/06/29 1:15 a.m.10 views

CVE-2025-6836

A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

9.8CVSS5.8AI score0.00399EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.7 views

Code-Projects Library System 注入漏洞

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.4 views

CVE-2022-40347

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information...

9.8CVSS9.8AI score0.05348EPSS
Exploits5References1
OSV
OSV
added 2025/04/19 12:15 p.m.5 views

CVE-2025-3800

A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobilephone leads to sql injection. The attack can be launched remotely. The explo...

9.8CVSS5.8AI score0.00567EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/04/19 12:0 a.m.5 views

WCMS 注入漏洞

WCMS is a content management system CMS from the individual developers at Vedegis. An injection vulnerability exists in WCMS version 11, which originates from an SQL injection caused by the operation of the parameter mobilephone in the file app/controllers/AnonymousController.php...

9.8CVSS7.8AI score0.00567EPSS
Exploits1References4
OSV
OSV
added 2025/04/08 10:15 a.m.4 views

CVE-2025-2808

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.4CVSS7.4AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/14 12:0 a.m.8 views

PT-2025-11248

Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to time-based SQL Injection via the user phone parameter due to insufficient escaping on the user-supplied parameter and lack of sufficie...

7.5CVSS7.4AI score0.01708EPSS
Exploits0References15
NVD
NVD
added 2025/03/07 7:15 a.m.19 views

CVE-2025-1475

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...

9.8CVSS0.00597EPSS
Exploits0References3
Rows per page
Query Builder