524 matches found
PT-2026-47252
Name of the Vulnerable Software and Affected Versions Online Music Site version 1.0 Description An issue exists in the processing of the '/Frontend/Search.php' endpoint. Manipulation of the Category argument allows for SQL injection, which is a technique used to execute malicious SQL statements...
CVE-2018-25413
AiOPMSD Final 1.0.0 is affected by an SQL injection in search.php via the q parameter, allowing unauthenticated attackers to execute arbitrary SQL and enumerate usernames, database names, and version details. The CVE entry includes CVSS scores (3.1: base 8.2 HIGH network/low integrity; 4.0: base ...
CVE-2018-25413
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
EUVD-2018-21935
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
PT-2026-45113
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...
CVE-2018-25364
Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...
EUVD-2018-21864
Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...
CVE-2026-35016 Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmquery POST parameter directly into an HTML input field VALUE attribute. Attackers...
EUVD-2026-31187
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmquery POST parameter directly into an HTML input field VALUE attribute. Attackers...
CVE-2026-35016 Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmquery POST parameter directly into an HTML input field VALUE attribute. Attackers...
PT-2026-42258
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the search.php file. It...
CVE-2019-25684 OpenDocMan 1.3.4 SQL Injection via where Parameter
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
PT-2026-30492
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
CVE-2025-41007
CVE-2025-41007 describes a SQL Injection in Cuantis via the /search.php?search parameter. Affected software is Cuantis (web application component) with the underlying issue being improper handling of user-supplied input leading to SQL injection. Impact as stated: potential retrieval, creation, up...
CVE-2024-51226
A stored cross-site scripting XSS vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...
CVE-2026-3817
The CVE-2026-3817 entry concerns SourceCodester Patients Waiting Area Queue Management System 1.0. Affected component: the file /patient-search.php, where manipulation leads to improper authorization. Root cause is an authorization bypass allowing remote access. Exploitation is reported as public...
EUVD-2026-10212
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...
Personnel Property Equipment System 安全漏洞
Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/advancesearch.php file...