276 matches found
PT-2026-21478
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
CVE-2026-2820
The vulnerability CVE-2026-2820 affects Fujian Smart Integrated Management Platform System (firmware/version up to 7.5). The issue lies in processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx where manipulating the DeviceIDS argument triggers an SQL injection. Attack vector i...
CVE-2026-2691 itsourcecode Event Management System manage_register.php sql injection
A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manageregister.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-2682 Tsinghua Unigroup Electronic Archives System prinReport.html sql injection
A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.21080262532. Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Such manipulation of the argument comid leads to sql injection. The attack can be launched remotely. The...
CVE-2026-2217
A vulnerability was found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/manageuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be us...
CVE-2026-2199
A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...
CVE-2026-2190
A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the...
CVE-2026-2173
A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...
CVE-2026-2134
A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has bee...
CVE-2026-2116
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/editexpenses.php. Such manipulation of the argument expensesid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...
CVE-2026-2073
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...
PT-2026-6937
Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System version 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit activity.php file, specifically...
CVE-2026-2012
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
CVE-2021-47916
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-1594
A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...
PT-2026-5297
Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System that allows for remote manipulation of the ID argument in the file /ramonsys/faculty/index.php, leading to a SQL injection. Th...
CVE-2026-1535
CVE-2026-1535 affects code-projects Online Music Site 1.0. The vulnerability exists in the file /Administrator/PHP/AdminReply.php, where manipulation of the ID argument leads to an SQL injection. This is remotely exploitable (network vector) and, per connected sources, the exploit has been public...
PT-2026-5225
Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A security issue exists in code-projects Online Music Site 1.0. Manipulation of the ID argument in the file /Administrator/PHP/AdminReply.php can lead to SQL injection. This issue is...
CVE-2026-1120
CVE-2026-1120 affects Yonyou KSOA 9.0. The vulnerable element is the HTTP GET Parameter Handler in /worksheet/del_work.jsp; manipulating the ID parameter yields SQL injection. The issue is remotely exploitable and the exploit has been publicly disclosed. Vendors were contacted early but did not r...
CVE-2026-1118
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...