110 matches found
PT-2025-38287
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam Form Submission version 1.0 Description: A SQL injection issue exists due to the manipulation of the phone argument in the file /user/dashboard.php?page=update profile. The attack can be launched remotely. The explo...
SourceCodester Online Exam Form Submission SQL注入漏洞
SourceCodester Online Exam Form Submission is a SourceCodester open source online exam submission system. A SQL injection vulnerability exists in SourceCodester Online Exam Form Submission version 1.0, which stems from incorrect manipulation of the parameter phone in the file /user/dashboard.php,...
CVE-2025-9832
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-9832
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-9832 SourceCodester Food Ordering Management System register-router.php sql injection
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been...
PT-2025-35613
Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A security issue exists in SourceCodester Food Ordering Management System 1.0. Manipulation of the phone argument in an unknown function within the...
SourceCodester Food Ordering Management System 安全漏洞
SourceCodester Food Ordering Management System is a SourceCodester open source food ordering management system. A security vulnerability exists in SourceCodester Food Ordering Management System version 1.0, which is caused by a SQL injection due to a mishandling of the parameter phone in the file...
Exam Form Submission dashboard.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...
Code-Projects Exam Form Submission 注入漏洞
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...
CVE-2025-7102
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has...
Library System profile.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...
BoyunCMS 安全漏洞
BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter phone in the file application/update/controller/Server.php, which may lead to SQL...
CVE-2025-6836
A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Code-Projects Library System 注入漏洞
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2022-40347
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information...
CVE-2025-3800
A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobilephone leads to sql injection. The attack can be launched remotely. The explo...
WCMS 注入漏洞
WCMS is a content management system CMS from the individual developers at Vedegis. An injection vulnerability exists in WCMS version 11, which originates from an SQL injection caused by the operation of the parameter mobilephone in the file app/controllers/AnonymousController.php...
CVE-2025-2808
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
PT-2025-11248
Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to time-based SQL Injection via the user phone parameter due to insufficient escaping on the user-supplied parameter and lack of sufficie...
CVE-2025-1475
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'userphone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on t...