Lucene search

62 matches found

Cvelist
added 2026/05/25 2:15 p.m. | 16 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

CVSS 8.8 | EPSS 0.00086
Exploits: 0 | References: 3

NVD
added 2026/05/25 11:16 a.m. | 7 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVSS 7.5 | EPSS 0.00039
Exploits: 0 | References: 5

CVE
added 2026/05/25 9:45 a.m. | 10 views

CVE-2026-9447

SourceCodester Simple POS and Inventory System 1.0 contains a SQL injection vulnerability in the /user/search.php endpoint, triggered by manipulating the Name parameter. This is a network-accessible issue reported as remote, with the exploit publicly available. The connected documents provide the...

CVSS 7.5 | AI score 6.9 | EPSS 0.00039
Exploits: 0 | References: 5

NVD
added 2026/05/23 7:16 p.m. | 5 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

CVSS 8.8 | EPSS 0.0009
Exploits: 0 | References: 4

CVE
added 2026/05/20 7:41 p.m. | 6 views

CVE-2026-35016

Open ISES Tickets prior to 3.44.2 is vulnerable to a reflected XSS in search.php. The issue arises when an unsanitized value is passed via the frm_query POST parameter, which gets injected into an HTML input field VALUE attribute and echoed back to the user. Exploitation requires authentication a...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/13 2:22 p.m. | 2 views

CVE-2020-37218

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

CVSS 8.8 | AI score 6.1 | EPSS 0.0009
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/05/13 2:22 p.m. | 21 views

CVE-2020-37218 Joomla com_hdwplayer 4.2 SQL Injection via search.php

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

CVSS 8.8 | EPSS 0.0009
Exploits: 0 | References: 4

EUVD
added 2026/05/11 6:31 p.m. | 4 views

EUVD-2026-29112

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

AI score 6.5 | EPSS 0.0022
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/11 12:0 a.m. | 3 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

AI score 6.5 | EPSS 0.0022
Exploits: 0 | References: 2

Cvelist
added 2026/03/23 11:38 p.m. | 23 views

CVE-2026-4615 SourceCodester Online Catering Reservation search.php sql injection

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVSS 7.5 | EPSS 0.00014
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/25 12:0 a.m. | 2 views

PT-2026-21886

A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed...

CVSS 4.8 | AI score 3.9 | EPSS 0.00043
Exploits: 1 | References: 5

CVE
added 2026/02/07 3:32 p.m. | 7 views

CVE-2026-2090

CVE-2026-2090 affects the SourceCodester Online Class Record System 1.0. The vulnerability resides in the /admin/message/search.php handler, where manipulating the term parameter can lead to a SQL injection. Exploitation is possible remotely and public disclosures exist. Several sources corrobora...

CVSS 9.8 | AI score 7.2 | EPSS 0.00037
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/01/02 9:2 a.m. | 18 views

CVE-2026-0546 code-projects Content Management System search.php sql injection

A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may ...

CVSS 7.5 | EPSS 0.00006
Exploits: 1 | References: 5

NVD
added 2025/12/08 10:15 p.m. | 1 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leafsearch.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

CVSS 6.3 | EPSS 0.00524
Exploits: 0 | References: 5

CNNVD
added 2025/12/08 12:0 a.m. | 2 views

Ilevia EVE X1 Server Command Injection Vulnerability

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A command injection vulnerability exists in Ilevia EVE X1 Server version 4.6.5.0.eden and prior versions, which stems from incorrect manipulation of the parameter line in the file /ajax/php/leafsearch.php, which coul...

CVSS 6.3 | AI score 6 | EPSS 0.00524
Exploits: 0 | References: 5

OSV
added 2025/11/17 7:16 p.m. | 2 views

CVE-2024-44655

PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php...

CVSS 6.1 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 2

NVD
added 2025/11/17 1:15 a.m. | 1 views

CVE-2025-13255

A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /booksearch.php. Performing a manipulation of the argument bookpub/booktitle results in sql injection. It is possible to initiate the attack remotely...

CVSS 8.8 | EPSS 0.00011
Exploits: 1 | References: 6

CNNVD
added 2025/10/31 12:0 a.m. | 1 views

Revive Adserver Security Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

CVSS 6.3 | AI score 6.2 | EPSS 0.0001
Exploits: 1 | References: 2

Cvelist
added 2025/10/23 12:0 a.m. | 4 views

CVE-2025-61464

gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...

EPSS 0.00031
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-30784

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.9 | EPSS 0.00042
Exploits: 1 | References: 7