CVE-2025-0175

A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2024-12935

A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVE-2024-12898

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/facultyaction.php. The manipulation of the argument facultycourseid leads to sql injection. The attack can be initiate...

CVE-2024-11258

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has bee...

CVE-2024-11250

A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit ha...

CVE-2024-11054

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. Th...

CVE-2024-10808

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/reqdetail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-10741

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVE-2024-10655

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclose...

CVE-2024-10598 Tongda OA Annual Leave data.php improper authorization

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be...

CVE-2024-10421

A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the file /admin/overtimerow.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-10279

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. The attack can be initiated remotely. The...

CGA-4PXR-GP3Q-9HFV

Bulletin has no description...

Online Shop Store 跨站脚本漏洞

Online Shop Store is an online store system. A cross-site scripting vulnerability exists in Online Shop Store version 1.0, which originates from unknown code in the file /settings.php, where improper manipulation of parameters can lead to cross-site scripting attacks...

CVE-2024-8564

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tblpersonid/firstname/middlename/lastname leads to sql injection. The attack can be initiated...

CVE-2024-8341 SourceCodester Petshop Management System add_user.php unrestricted upload

A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0. This vulnerability affects unknown code of the file /controllers/adduser.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit h...

CVE-2024-8332 master-nan Sweet-CMS index sql injection

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been declared as critical. This vulnerability affects unknown code of the file /table/index. The manipulation leads to sql injection. The attack can be initiated remotely. This product is usin...

CVE-2024-8146

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-7753

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /userimages/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed ...

CVE-2024-7645 SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated...