13 matches found
PT-2026-6705
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0 Description: A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the...
PT-2025-38284
Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel Reservation System version 1.0 Description: A SQL injection issue exists in the deleteuser.php file due to manipulation of the ID argument. This can be exploited remotely. The exploit is publicly available. Recommendation...
PT-2025-33746 · Hustoj · Hustoj
Name of the Vulnerable Software and Affected Versions: Hustoj version 2025-01-31 Description: The software contains a cross-site scripting (XSS) issue in the thread.php file through the TID parameter. Recommendations: As a mitigation, sanitize the TID parameter in the thread.php file...
PT-2025-32378 · Unknown · Easy Hosting Control Panel
Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel (EHCP) version 20.04.1.b Description: The Easy Hosting Control Panel (EHCP) contains a SQL injection issue via the id parameter in the Change Settings function. Recommendations: As a temporary workaround, consider...
PT-2025-29447 · Phpgurukul · Phpgurukul Dairy Farm Shop Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3. This issue is due to a SQL injection vulnerability within the invoices.php and receipts.php...
PT-2025-29493 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection vulnerability through the pid parameter at the SEMCMS ct.php endpoint. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS ct.php...
PT-2025-29492 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the pid parameter at the SEMCMS Categories.php file. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS Categories.php fi...
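Several of the entries above (Hotel Reservation System deleteuser.php, EHCP, Dairy Farm Shop, both SemCms findings) describe the same flaw: an id parameter taken from the request and concatenated into a SQL statement. The following is an added example, not code from any of the listed projects or advisories, that reproduces that pattern against an in-memory SQLite table and shows the parameterised form that closes it. The table name, column names, sample rows and the deleteuser-style handler are constructed assumptions for the demonstration only.

```python
# Added example (not from any advisory above): the "id parameter" SQL
# injection pattern shared by several listed entries, reproduced against an
# in-memory SQLite table, beside the parameterised form that closes it.
# Table name, columns and rows are constructed for the demo.
import sqlite3


def fresh_db():
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob"), (3, "carol")]
    )
    conn.commit()
    return conn


def delete_user_vulnerable(conn, user_id):
    """Anti-pattern: the request value is concatenated into the SQL text, so
    whoever controls ?id= controls the WHERE clause. Returns rows deleted."""
    cur = conn.execute("DELETE FROM users WHERE id = " + user_id)
    conn.commit()
    return cur.rowcount


def delete_user_fixed(conn, user_id):
    """Hardened form: reject anything that is not a positive integer, then bind
    the value as a parameter so the driver never interprets it as SQL."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    cur = conn.execute("DELETE FROM users WHERE id = ?", (int(user_id),))
    conn.commit()
    return cur.rowcount


def names(conn):
    """Remaining user names, in id order."""
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY id")]


def demo(payload="1 OR 1=1"):
    """Send the same hostile id through both handlers and report the outcome.
    The default payload is the classic tautology: it means 'every row'."""
    vuln = fresh_db()
    vuln_deleted = delete_user_vulnerable(vuln, payload)

    fixed = fresh_db()
    try:
        fixed_deleted = delete_user_fixed(fixed, payload)
        rejected = False
    except ValueError:
        fixed_deleted, rejected = 0, True

    legit = fresh_db()
    legit_deleted = delete_user_fixed(legit, "2")

    return {
        "vulnerable_deleted": vuln_deleted,
        "vulnerable_remaining": names(vuln),
        "fixed_rejected": rejected,
        "fixed_deleted": fixed_deleted,
        "fixed_remaining": names(fixed),
        "legit_deleted": legit_deleted,
        "legit_remaining": names(legit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the concatenated handler deleting every row for the payload `1 OR 1=1`, while the hardened handler rejects the same input before any statement runs and still deletes exactly one row for a legitimate id. Parameter binding alone would already stop the value from being parsed as SQL; the integer check on top of it turns a silent no-op into a logged rejection, which is what the "temporary workaround" recommendations in these advisories are reaching for.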
CVE-2024-51993 Password is stored in clear in the database in Combodo iTop
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...
CVE-2024-51993
CVE-2024-51993 affects Combodo iTop (pre-3.2.0) where passwords for misconfigured users are stored in cleartext and can be read if an attacker gains access to backups or the database. The issue is mitigated by upgrading to version 3.2.0 or later. If upgrading is not possible, encryption of backup...
Unauthenticated Blind SQL Injection in '/tags/autocomplete'
Description: The application was found to be vulnerable to an unauthenticated blind SQL injection in the /tags/autocomplete page. The GET parameter 'term' is not sufficiently sanitized. Proof of Concept: 1. Make a GET request to...
Reflected XSS in /library/custom_template/share_template.php
Description: There is a reflected XSS in /library/custom_template/share_template.php in the 'listid' parameter. Proof of Concept: http://openemr.local/library/custom_template/share_template.php?listid=1;alert1;function%20xif1a=a:a:1 Fix: properly sanitize the listid parameter...
Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the num_of_pages parameter before outputting it back in the response of the themify_create_popup_page_pagination AJAX action, which is available to any authenticated user, leading to a Reflected Cross-Site Scripting. PoC...
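The three XSS entries (Hustoj thread.php TID, OpenEMR share_template.php listid, Themify num_of_pages) share one shape: a request parameter is echoed into the HTML response without escaping. The following is an added example, not code from any of those projects or advisories, showing a minimal page renderer with that defect beside the escaped version and a check that the script payload no longer survives. The route, the parameter name `tid` and the markup are assumptions for the demonstration.

```javascript
// Added example (not from the advisories above): the reflected XSS pattern
// those entries describe (a query parameter echoed into HTML), shown as a
// minimal renderer beside its escaped counterpart. Route, parameter name and
// markup are assumptions for the demonstration.

// Escape the five characters that can break out of an HTML text node or a
// double- or single-quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the parameter is interpolated into the markup untouched, so a
// request like ?tid=<script>alert(1)</script> becomes executable script.
function renderVulnerable(params) {
  const tid = params.get('tid') || '';
  return `<h1>Thread ${tid}</h1>`;
}

// Fixed: the same template, with the parameter escaped for the HTML text
// context it lands in. An attribute or a JavaScript context would need the
// escaping appropriate to that context instead.
function renderFixed(params) {
  const tid = params.get('tid') || '';
  return `<h1>Thread ${escapeHtml(tid)}</h1>`;
}

// Crude detector for the check below: is there a live <script> element in
// the produced markup? Escaped text never matches, because '<' became '&lt;'.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed request carrying the same payload an advisory PoC would use.
function demo() {
  const payload = '<script>alert(1)</script>';
  const params = new URLSearchParams({ tid: payload });
  const vulnerable = renderVulnerable(params);
  const fixed = renderFixed(params);
  return {
    vulnerable,
    fixed,
    vulnerableExecutes: containsScriptTag(vulnerable),
    fixedExecutes: containsScriptTag(fixed),
  };
}

console.log(demo());
```

The output from `demo()` shows the vulnerable template returning the payload verbatim and the fixed one returning `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as text. Escaping at output time, matched to the context the value lands in, is the fix each of these advisories asks for; validating the parameter on input (an integer page number or thread id should never contain `<`) is a cheap second layer.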