CVE-2026-6489

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...

CVE-2026-9445

CVE-2026-9445 affects SourceCodester Simple POS and Inventory System 1.0. The vulnerability is in an unrestricted upload through the /admin/addproduct.php file (File Extension Handler); manipulating the image argument enables remote code upload. Impact and exploitation details indicate remote exp...

CVE-2026-7393

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function savemenu of the file /admin/adminclassnovo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be...

PT-2026-33450

Name of the Vulnerable Software and Affected Versions QueryMine sms affected versions not specified Description An unrestricted file upload flaw exists in the Background Management Page component. The issue occurs during the processing of the file 'admin/addteacher.php' when the image argument is...

EUVD-2026-17327

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...

CVE-2026-4875

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/modamenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely...

CVE-2026-4875

CVE-2026-4875 concerns itsourcecode Free Hotel Reservation System 1.0. The vulnerability resides in an unknown function inside the admin/module_amenities/index.php?view=add endpoint, where manipulating the argument image enables an unrestricted upload. The exploit can be carried out remotely, and...

CVE-2026-3800

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-3800

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

CVE-2025-15495 BiggiDroid Simple PHP CMS editsite.php unrestricted upload

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

CVE-2025-15495

CVE-2025-15495 affects BiggiDroid Simple PHP CMS 1.0. The vulnerability is in the admin function/file /admin/editsite.php where manipulation of the argument image enables an unrestricted file upload. The issue can be exploited remotely, and publicly available exploit evidence exists (e.g., exploi...

CVE-2026-0643

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...

House Rental and Property Listing 安全漏洞

House Rental and Property Listing is a system developed in PHP, JavaScript, Bootstrap, CSS and MySQL database. It makes it easy for users to find the right house or property for rent. A security vulnerability exists in House Rental and Property Listing version 1.0, which stems from incorrect...

CVE-2026-0643

The connected PT-2026-1547 advisory confirms a vulnerability in projectworlds House Rental and Property Listing v1.0, specifically in the Signup component’s /app/register.php?action=reg endpoint. An attacker can manipulate the image parameter to cause unrestricted file upload, enabling remote exp...

CVE-2025-15199

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

CVE-2025-15199

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

CVE-2025-15199 code-projects College Notes Uploading System userprofile.php unrestricted upload

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit h...

CVE-2025-15197

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated...

CVE-2025-15197 code-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted upload

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated...

CVE-2025-15197

The CVE-2025-15197 entry concerns code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. The flaw is in the admin/editposts.php file, where manipulating the image parameter allows an unrestricted upload. This enables remote exploitation as indicated by the public exploit. Affect...