1035 matches found
Vehicle Parking Management System signup.php File SQL Injection Vulnerability
Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/signup.php that lacks validation of externally entered SQL statements. An attacker can...
Tucows (VDP): Business Logic Error – Bypass of OTP Verification During Signup on hover.com
The Business Logic Error – Bypass of OTP Verification During Signup on hover.com was a vulnerability that allowed an attacker to register an account on www.hover.com using any email address without passing the required OTP verification. The vulnerability was caused by the ability to omit the code...
CVE-2025-7480
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /users/signup.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The...
PHPGurukul Vehicle Parking Management System Injection Vulnerability
Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/signup.php that lacks validation of externally entered SQL statements. An attacker can...
WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability
WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Registration Fields Plugin - Custom Signup Fields versions <= 3.2.3...
Car Rental System signup.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fname in the file /signup.php. The vulnerability can be exploited to execute illegal SQL...
CVE-2025-49029
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection. This issue affects Custom Login And Signup Widget: from n/a through <= 1.0...
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...
CVE-2025-49029 WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection. This issue affects Custom Login And Signup Widget: from n/a through <= 1.0...
WordPress plugin bitto.Kazi Custom Login And Signup Widget Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
WordPress Custom Login and Signup Widget 1.0 Remote Code Execution
WordPress Custom Login and Signup Widget plugin versions 1.0 and below suffer from a remote code execution vulnerability...
CVE-2025-6905
A vulnerability, which was classified as critical, has been found in code-projects Car Rental System 1.0. This issue affects some unknown processing of the file /signup.php. The manipulation of the argument fname leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-24289
The CVE-2025-24289 entry concerns the UCRM Client Signup Plugin (versions 1.3.4 and earlier). The documented vulnerability is a CSRF that can lead to XSS and privilege escalation when an Administrator visits a crafted malicious page. The plugin is disabled by default. Affected component: UCRM Cli...
PT-2025-27378 · Unknown · Ucrm Client Signup Plugin
Name of the Vulnerable Software and Affected Versions: UCRM Client Signup Plugin versions 1.3.4 and earlier. Description: A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) issue could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious...
Ubiquiti UCRM Client Signup Plugin Security Vulnerability
Ubiquiti UCRM Client Signup Plugin is a plugin from Ubiquiti USA, Inc. that is used to implement customer signup functionality and integration with the UCRM system. A security vulnerability exists in Ubiquiti UCRM Client Signup Plugin version 1.3.4 and prior versions, which stems from...
Online Shoe Store customer_signup.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /function/customersignup.php. An attacker can exploit this vulnerability...