5 matches found
CVE-2026-5041 code-projects Chamber of Commerce Membership Management System pageMail.php fwrite command injection
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...
CVE-2025-10664
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to SQL injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...
PT-2025-4118 · Zenvia · Zenvia Movidesk
Name of the Vulnerable Software and Affected Versions: Zenvia Movidesk versions prior to 25.01.22.245a473c54 Description: A problematic issue has been found in the New Ticket Handler component, where the manipulation of the subject argument leads to cross-site scripting. This can be initiated...
CVE-2023-3794
A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site...
Broken Access Control on Private Message Function
Description: There are 2 issues I found in one function. A = admin, B = user1, C = attacker. Scenario 1: A sends a private message to B with the subject "testing". B or C can change the subject; this will disturb the integrity of the messages, as long as they know the UUID of the messages. Scenario 2: A sends a private...