CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92 matches found

CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS0.00065EPSS

Exploits0References4

Vulnrichment•added 6 days ago•4 views

CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

CVE•added 6 days ago•8 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

Positive Technologies•added 6 days ago•5 views

PT-2026-44860

8.8CVSS5.9AI score0.00065EPSS

Exploits0References5

NVD•added 2026/04/02 6:16 p.m.•1 views

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS0.00043EPSS

Exploits1References4

CVE•added 2026/04/02 5:15 p.m.•4 views

CVE-2026-5368

CVE-2026-5368 affects projectworlds Car Rental Project 1.0. The vulnerable element is an unknown function in the file /login.php of the Parameter Handler; manipulating the uname argument enables an SQL injection. Exploitation is remote and has been publicly disclosed. Multiple sources (NVD, Red H...

9.8CVSS6.8AI score0.00043EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/02 12:0 a.m.•1 views

PT-2026-29859

7.5CVSS6.8AI score0.00043EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 9:34 a.m.•4 views

CVE-2024-41333

A reflected cross-site scripting XSS vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter...

6.1CVSS6AI score0.00158EPSS

Exploits3References1

NVD•added 2025/12/22 4:16 a.m.•3 views

CVE-2025-15011

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

9.8CVSS0.00028EPSS

Exploits1References5

OSV•added 2025/12/22 4:16 a.m.•2 views

CVE-2025-15011

9.8CVSS6.9AI score

Exploits0References5

Cvelist•added 2025/12/22 3:32 a.m.•25 views

CVE-2025-15011 code-projects Simple Stock System logout.php sql injection

7.5CVSS0.00028EPSS

Exploits1References5

CVE•added 2025/12/22 3:32 a.m.•6 views

CVE-2025-15011

CVE-2025-15011 affects Simple Stock System 1.0. The vulnerability resides in /logout.php where manipulating the uname parameter triggers a SQL injection. Multiple connected sources confirm remote exposure and that the exploit is public, enabling potential unauthorized access and data impact (CVE ...

9.8CVSS7.2AI score0.00028EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2025/12/22 12:0 a.m.•3 views

PT-2025-52623

Name of the Vulnerable Software and Affected Versions Simple Stock System version 1.0 Description A SQL injection issue exists in Simple Stock System 1.0. The issue is due to the manipulation of the uname argument in the /logout.php file. This allows for remote execution of attacks. The exploit h...

9.8CVSS7.3AI score0.00028EPSS

Exploits1References11

RedhatCVE•added 2025/10/09 5:10 a.m.•2 views

CVE-2025-11434

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS7.2AI score0.00042EPSS

Exploits1References1

OSV•added 2025/10/08 5:15 a.m.•1 views

CVE-2025-11434

9.8CVSS5.8AI score

Exploits0References5

Vulnrichment•added 2025/10/08 5:2 a.m.•1 views

CVE-2025-11434 itsourcecode Student Transcript Processing System login.php sql injection

7.5CVSS7.2AI score0.00042EPSS

Exploits1References5

Cvelist•added 2025/10/08 5:2 a.m.•6 views

CVE-2025-11434 itsourcecode Student Transcript Processing System login.php sql injection

7.5CVSS0.00042EPSS

Exploits1References5

CNNVD•added 2025/10/08 12:0 a.m.•1 views

itsourcecode Student Transcript Processing System SQL注入漏洞

itsourcecode Student Transcript Processing System is itsourcecode open source a student transcript processing system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Transcript Processing System, which stems from an incorrect manipulation of the parameter uname in the...

9.8CVSS7.7AI score0.00042EPSS

Exploits1References5

Positive Technologies•added 2025/10/08 12:0 a.m.•2 views

PT-2025-41226

Name of the Vulnerable Software and Affected Versions itsourcecode Student Transcript Processing System version 1.0 Description A weakness exists in itsourcecode Student Transcript Processing System 1.0. The issue involves the potential for SQL injection through manipulation of the uname argument...

9.8CVSS7.3AI score0.00042EPSS

Exploits1References11