Lucene search
K

331 matches found

RedhatCVE
RedhatCVE
added 2026/02/07 1:12 p.m.5 views

CVE-2026-2013

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used...

9.8CVSS7.2AI score0.00416EPSS
Exploits1References1
NVD
NVD
added 2026/02/07 12:15 a.m.5 views

CVE-2020-37163

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...

8.8CVSS0.0041EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/06 11:14 p.m.4 views

CVE-2020-37163 QuickDate 1.3.2 - SQL Injection

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...

8.8CVSS5.9AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 11:14 p.m.10 views

CVE-2020-37163

CVE-2020-37163 – QuickDate 1.3.2 suffers a SQL injection in the find_matches endpoint via the '_located' parameter, enabling UNION-based payloads to exfiltrate database information (credentials, DB name, system version). Evidence across sources confirms the vulnerable component and location of in...

8.8CVSS5.7AI score0.0041EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.10 views

Itsourcecode Society Management System SQL Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter studentid in the file...

9.8CVSS7.2AI score0.00333EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.7 views

SAP NetWeaver ICM Info Sensitive Information Disclosure

SAP NetWeaver Internet Communication Manager ICM includes an information page that can disclose sensitive information about the SAP platform, such as operating system version, SAP version, IP address, and other details. If this page is accessible without proper authentication, it can expose...

6.4AI score
Exploits0References1
CNNVD
CNNVD
added 2026/01/11 12:0 a.m.3 views

Intern Membership Management System SQL注入漏洞

Intern Membership Management System is an intern membership management system. An SQL injection vulnerability exists in Intern Membership Management System version 1.0, which stems from an incorrect manipulation of the parameter activityid in the file /admin/deleteactivity.php, which could lead t...

7.2CVSS5.7AI score0.00311EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.7 views

CVE-2023-4712

A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to th...

9.8CVSS7.4AI score0.00696EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.19 views

CVE-2025-40695

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...

5.4CVSS5.5AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.12 views

PT-2026-1777

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A flaw exists in the HTTP POST Request Handler component of the software, specifically in the processing of the /isomp-protocol/protocol/getHis file...

10CVSS9.2AI score0.05593EPSS
Exploits1References12
NVD
NVD
added 2026/01/05 1:15 p.m.6 views

CVE-2026-0590

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...

9.8CVSS0.00315EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.7 views

PT-2026-1278

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A flaw exists in code-projects Online Product Reservation System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

9.8CVSS7.5AI score0.00315EPSS
Exploits1References9
NVD
NVD
added 2025/12/29 9:15 a.m.4 views

CVE-2025-15181

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. Th...

9.8CVSS0.00333EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.6 views

PT-2025-53778

Name of the Vulnerable Software and Affected Versions SohuTV CacheCloud versions prior to 3.2.1 Description A cross site scripting issue exists in SohuTV CacheCloud. The issue is present in the getExceptionStatisticsByClient, getCommandStatisticsByClient, and doIndex functions within the...

4.8CVSS6.2AI score0.00248EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass

SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by...

9.3CVSS7.9AI score0.00354EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.4 views

PT-2025-51136

Name of the Vulnerable Software and Affected Versions itsourcecode Online Pet Shop Management System version 1.0 Description A security issue exists in itsourcecode Online Pet Shop Management System version 1.0 related to the processing of the file /pet1/update cnp.php. Manipulation of the ID...

9.8CVSS7.3AI score0.00333EPSS
Exploits1References12
Cvelist
Cvelist
added 2025/12/13 3:32 p.m.30 views

CVE-2025-14619 code-projects Student File Management System login_query.php sql injection

A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

7.5CVSS0.00436EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/10 9:31 p.m.5 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.3AI score0.00224EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/10 1:35 a.m.7 views

CVE-2025-14285

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file editpersonnel.php. The manipulation of the argument perid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be use...

9.8CVSS7.3AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2025/12/08 10:16 a.m.8 views

CVE-2025-14226

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

9.8CVSS5.8AI score0.00339EPSS
Exploits1References5
Rows per page
Query Builder