2295 matches found
CVE-2025-12853 SourceCodester Best House Rental Management System admin_class.php delete_house sql injection
A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function deletehouse of the file /adminclass.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...
PT-2025-45465
Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. This issue is related to the manipulation of the flags argument within the /admin/spec add.php file. The exploit for this issue has been...
CVE-2025-63713
Cross-Site Scripting XSS vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...
News Portal settings.py File Information Disclosure Vulnerability
News Portal is a news portal. News Portal suffers from an information disclosure vulnerability that originates from an unknown function in the /onps/settings.py file that fails to properly handle sensitive data. The vulnerability can be exploited to insert sensitive information into debugging cod...
CVE-2025-12598
A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function savetenant of the file /adminclass.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-12617
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing a manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be use...
CVE-2025-12612
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletecourse. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...
CVE-2025-12614 SourceCodester Best House Rental Management System admin_class.php delete_payment sql injection
A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...
EUVD-2025-37469
A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...
EUVD-2025-37466
A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. This issue affects some unknown processing of the file /ajax.php. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...
CVE-2025-12610
CVE-2025-12610 affects CodeAstro Gym Management System 1.0, with a SQL injection in the /admin/view-progress-report.php file. The vulnerability arises from manipulated the ID parameter, potentially enabling remote exploitation. Public disclosures exist for the exploit. Affected component is the v...
CVE-2025-12608
A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manageuser.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has...
PHPGurukul News Portal 安全漏洞
News Portal is a news portal. News Portal suffers from an information disclosure vulnerability that originates from an unknown function in the /onps/settings.py file that fails to properly handle sensitive data. The vulnerability can be exploited to insert sensitive information into debugging cod...
CVE-2025-12597
A vulnerability was detected in SourceCodester Best House Rental Management System 1.0. Affected by this vulnerability is the function savecategory of the file /adminclass.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit...
EUVD-2025-37440
A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...
CVE-2025-12594 code-projects Simple Online Hotel Reservation System add_account.php sql injection
A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/addaccount.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been releas...
CVE-2025-62267
Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...
Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page
Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...
CVE-2025-62267
Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...
CVE-2025-62267
Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...