189 matches found
CVE-2026-1197 MineAdmin downloadById information disclosure
A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. The attack can be initiated remotely. The attack's complexity is rated as...
PT-2026-3397
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A security flaw exists in Yonyou KSOA 9.0 related to the manipulation of the ID parameter within an HTTP GET request to the file '/worksheet/work report.jsp'. This manipulation can lead to SQL injection...
CVE-2024-2276
A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venuecontroller/editvenue/ of the component Edit Venue Page. The manipulation of the argument...
CVE-2026-0597
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...
EUVD-2026-0779
A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The explo...
CVE-2025-14836
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...
PT-2025-51185
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...
EUVD-2025-203265
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14571
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowbook.php. Such manipulation of the argument rollnumber leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-14537
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
PT-2025-49578
Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0, specifically within the file /newsubject.php. The sub argument is susceptible to SQL injection, allowing for remote...
PT-2025-49529
Name of the Vulnerable Software and Affected Versions Yottamaster DM2 versions prior to 1.2.23 Yottamaster DM3 versions prior to 1.2.23 Yottamaster DM200 versions prior to 1.2.23 Yottamaster DM2 versions prior to 1.9.12 Yottamaster DM3 versions prior to 1.9.12 Yottamaster DM200 versions prior to...
CVE-2025-14201
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...
CVE-2025-13546
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...
CVE-2025-13545
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /adminarea/index.php. The manipulation of the argument editpack leads to sql injection. The attack can be...
Travel Agency 代码问题漏洞
Travel Agency is a travel management website by Ashraf Kabir, an individual developer. Travel Agency has a code issue vulnerability that stems from the presence of unknown functionality in the file /customerregister.php, which could lead to unlimited uploads...
CVE-2025-13303
A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. This manipulation of the argument Consignment causes sql injection. The attack can be initiated remotely. The exploit has been publicly...
CVE-2025-13238
CVE-2025-13238 affects Bdtask Flight Booking Software 4. The Edit Profile Page component (/agent/profile/edit) is susceptible to manipulation that enables unrestricted file uploads. The flaw can be exploited remotely and has publicly available exploit materials. Multiple sources corroborate the i...
EUVD-2025-197702
A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2025-13201
A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly availab...