2300 matches found
CVE-2025-1611 ShopXO Template ThemeAdminService.php injection
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-1611
ShopXO up to version 6.4.0 is affected by an injection vulnerability in the Template Handler component, specifically within the file app/service/ThemeAdminService.php. The issue is caused by input handling that allows remote exploitation; authenticated administrators can exploit by uploading a ma...
PT-2025-9194
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: A critical issue exists in the setMtknatCfg function within the /cgi-bin/cstecgi.cgi file of the TOTOLINK X18 device. Manipulation of the mtkhnatEnable argument can lead to operating syst...
PT-2025-6847 · Sourcecodester · Sourcecodester Best Church Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.1 Description: A critical issue has been found in the software, affecting an unknown function of the file /admin/edit slider.php. The manipulation of the id argument leads to SQL...
CVE-2016-15004
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
PT-2025-6882 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: A critical issue affects the setL2tpdConfig function of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated...
CVE-2024-8081
A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-0873
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/email/city/comment leads to sql injection. T...
CVE-2025-0872
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id/amount/desc/inccat leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-0697
Telstra Smart Modem Gen 2 (up to 20250115) is affected by a vulnerability in the HTTP Header Handler where manipulation of the Content-Disposition argument leads to injection. The issue can be triggered remotely. Affected component/file: HTTP Header Handler; root cause described as Content-Dispos...
PT-2025-4006 · Telstra · Telstra Smart Modem Gen 2
Name of the Vulnerable Software and Affected Versions: Telstra Smart Modem Gen 2 up to 20250115 Description: A problematic issue was found in the HTTP Header Handler component. The manipulation of the Content-Disposition argument leads to injection. This issue can be initiated remotely. The vendo...
A vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory, caused by a failure to protect the structure of SQL queries, allows attackers to perform SQL injection.
A vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory is caused by a lack of measures to protect the structure of SQL queries. Exploiting this vulnerability allows a malicious actor to perform SQL injection remotely...
CVE-2025-0299
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /searchresult.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...
PT-2025-3800 · Unknown · Code-Projects Responsive Hotel Site
Name of the Vulnerable Software and Affected Versions: code-projects Responsive Hotel Site version 1.0 Description: A critical vulnerability was found in the code-projects Responsive Hotel Site. The issue affects an unknown function of the file /admin/print.php. Manipulation of the pid argument...
CVE-2025-0210
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-0205
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2025-0201
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/updateaccount.php. The manipulation of the argument username leads to sql injection. The attack may be...
CVE-2025-0200
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/searchnum.php. The manipulation of the argument search leads to sql injection. The attack can...
CVE-2024-13092
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /parse/calljob/searchajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated...