19 matches found
CVE-2026-4871 Sports Club Management <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the scmmemberdata shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-4871
The Sports Club Management WordPress plugin (affected: versions up to and including 1.12.9) is vulnerable to Stored Cross-Site Scripting via the scm_member_data shortcode’s before/after attributes. Root cause: insufficient input sanitization and output escaping, enabling authenticated attackers w...
WordPress Sports Club Management plugin <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'before' Attribute vulnerability discovered by zaim in WordPress Plugin Sports Club Management versions = 1.12.9...
WordPress plugin Sports Club Management 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
Sports Club Management System in php SQL注入漏洞
Sports Club Management System in php is a sports club management system by Darkseid Personal Developer. A SQL injection vulnerability exists in Sports Club Management System in php version 1.0, which stems from an incorrect manipulation of the parameter loginid in the file...
CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422
CVE-2025-13422 affects freeprojectscodes Sports Club Management System 1.0. The vulnerable element is an unknown function in /dashboard/admin/change_s_pwd.php where manipulating the login_id parameter triggers SQL injection. The vulnerability is remotely exploitable and the exploit is public. Doc...
PT-2025-47540
Name of the Vulnerable Software and Affected Versions freeprojectscodes Sports Club Management System version 1.0 Description A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...
EUVD-2022-51395
Malicious code in bioql PyPI...
PT-2025-35154
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the User argument in the file /login.php. This can be initiated remotely. The exploit has been publicly disclosed...
CVE-2022-4015
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2022-4015
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
Sql injection
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2022-4015 Sports Club Management System make_payments.php sql injection
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
Sports-Club-Management-System 安全漏洞
Sports-Club-Management-System is a sports club management system by Shreyansh Gupta, an individual developer. A security vulnerability exists in Sports-Club-Management-System, which stems from an affected unknown section of the file admin/makepayments.php, where manipulation of the parameter...
PT-2022-25246 · Unknown · Sports Club Management System
Name of the Vulnerable Software and Affected Versions: Sports Club Management System version 119 Description: A critical issue was found in the Sports Club Management System, affecting the file admin/make payments.php. The manipulation of the m id/plan argument leads to SQL injection. It is...