106 matches found
CVE-2024-2268
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /productupdate.php?update=1. The manipulation of the argument updateimage leads to unrestricted upload. It is possible to launch the attack...
CVE-2025-41021
Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, caused by a lack of proper validation of user input sent in a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
EUVD-2025-34732
Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, caused by a lack of proper validation of user input sent in a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
CVE-2025-41021
The CVE-2025-41021 entry describes a Stored Cross-Site Scripting (XSS) in Sergestec’s Exito v8.0. The root cause is lack of proper validation of user input in a POST to /admin/index.php?action=product_update via the obs parameter, enabling a stored XSS payload. Impact stated includes the possibil...
EUVD-2023-57708
Malicious code in bioql PyPI...
EUVD-2023-39112
Malicious code in bioql PyPI...
EUVD-2023-12483
Malicious code in bioql PyPI...
EUVD-2024-33361
Malicious code in bioql PyPI...
Modern Bag product-update.php file SQL Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
CVE-2025-7537
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/productupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CampCodes Sales and Inventory System Code Issue Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. A code issue vulnerability exists in version 1.0 of the Campcodes Sales and Inventory System, which stems from an incorrect manipulation of the parameter image in the file /pages/productupdate.php resulting ...
CampCodes Sales and Inventory System Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in Campcodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /pages/productupdate.php...
Code-Projects Modern Bag Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
Advanced Online Voting System
Campcodes Complete Sales and Inventory System V1.0 /pages/prod...
PT-2025-24480 · Woobewoo · Wbw Product Table Pro
Name of the Vulnerable Software and Affected Versions: woobewoo WBW Product Table PRO versions 2.1.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2019-18955
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019...
CVE-2018-20559
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter...
CVE-2025-4886
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/productupdate.php. The manipulation of the argument serial leads to sql injection. The attack can be launched remotely. Th...