60 matches found

CVE
added 2025/09/29 8:41 p.m. · 14 views

CVE-2025-34228

Vasion Print (formerly PrinterLogic) SSRF in VA/VA SaaS before 25.1.102 (Host) and before 25.1.1413 (Application). The issue arises from unauthenticated access to /var/www/app/console_release/lexmark/update.php, which builds URLs from user-controlled values and forwards requests via curl_exec() o...

8.8 CVSS · 6.7 AI score · 0.0029 EPSS
Exploits: 1 · References: 4 · Affected Software: 2

RedhatCVE
added 2025/09/02 10:35 p.m. · 2 views

CVE-2025-9749

A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The...

9.8 CVSS · 7.5 AI score · 0.00065 EPSS
Exploits: 1 · References: 1

OSV
added 2025/08/31 11:15 p.m. · 1 views

CVE-2025-9749

A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The...

9.8 CVSS · 5.7 AI score
Exploits: 0 · References: 5

CVE
added 2025/08/31 10:32 p.m. · 16 views

CVE-2025-9749

CVE-2025-9749 affects HKritesh009 Grocery List Management Web App (up to f491b681eb70d465f445c9a721415c965190f83b). The vulnerability is an SQL injection in an unknown portion of /src/update.php triggered by manipulating the ID parameter, with remote exploitation possible. Public exploit exists. ...

9.8 CVSS · 7.4 AI score · 0.00065 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2025/08/25 2:15 a.m. · 2 views

CVE-2025-9402

A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...

7.2 CVSS · 0.00074 EPSS
Exploits: 0 · References: 5

CNVD
added 2025/07/04 12:0 a.m. · 1 views

Daily Expense Manager update.php File SQL Injection Vulnerability

Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...

9.8 CVSS · 7.9 AI score · 0.00186 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/28 12:0 a.m. · 3 views

DLA-4186-1 php-twig - security update

Bulletin has no description...

2.2 CVSS · 7.2 AI score · 0.00135 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 7:48 a.m. · 5 views

CVE-2024-40456

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php...

9.8 CVSS · 8.2 AI score · 0.00255 EPSS
Exploits: 1 · References: 1

Fedora
added 2025/03/15 12:54 a.m. · 11 views

[SECURITY] Fedora 42 Update: php-8.4.5-1.fc42

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8 CVSS · 7.1 AI score · 0.0103 EPSS
Exploits: 3

Positive Technologies
added 2025/01/19 12:0 a.m. · 3 views

PT-2025-3956 · Unknown · Code-Projects Fantasy-Cricket

Name of the Vulnerable Software and Affected Versions: code-projects Fantasy-Cricket version 1.0 Description: A critical issue has been found, allowing for SQL injection through the manipulation of the uname argument in an unknown function of the file /dash/update.php. This can be exploited...

9.8 CVSS · 7.1 AI score · 0.00078 EPSS
Exploits: 1 · References: 11

OpenVAS
added 2024/12/23 12:0 a.m. · 12 views

Debian: Security Advisory (DLA-3997-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS · 9.5 AI score · 0.65712 EPSS
Exploits: 1 · References: 2

OSV
added 2024/12/22 6:15 a.m. · 1 views

CVE-2024-12890

A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The...

8.8 CVSS · 5.8 AI score · 0.00081 EPSS
Exploits: 1 · References: 5

OSV
added 2024/12/11 12:0 a.m. · 21 views

ALSA-2024:10949 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756); php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096); php: Filter bypass in filter_var...

7.5 CVSS · 6.7 AI score · 0.15416 EPSS
Exploits: 7 · References: 14

OSV
added 2024/12/09 5:15 a.m. · 0 views

CVE-2024-12360

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 5

OSV
added 2024/10/10 11:15 p.m. · 1 views

CVE-2024-9817

A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...

8.8 CVSS · 5.8 AI score · 0.00097 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/10 12:0 a.m. · 2 views

PT-2024-39862 · Unknown · Code-Projects Blood Bank System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A critical issue has been found, affecting an unknown part of the file /update.php. The manipulation of the name argument leads to SQL injection. It is possible to initiate the attack...

8.8 CVSS · 8.1 AI score · 0.00097 EPSS
Exploits: 1 · References: 9

OSV
added 2024/09/07 8:15 p.m. · 0 views

CVE-2024-8563

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/update.php. The manipulation of the argument firstname/middlename/lastname leads to cross site scripting. It is possible to initiate the attack...

6.1 CVSS · 3.8 AI score
Exploits: 0 · References: 4

OSV
added 2024/07/21 3:15 p.m. · 3 views

CVE-2024-6958

A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /stupdate.php of the component Avatar File Handler. The manipulation of the argument personalimage leads to unrestricted upload. The attack can be...

8.8 CVSS · 5.4 AI score · 0.00145 EPSS
Exploits: 1 · References: 4

ATTACKERKB
added 2024/03/21 2:48 a.m. · 2 views

CVE-2023-38825

SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...

9.8 CVSS · 5.8 AI score · 0.00137 EPSS
Exploits: 1 · References: 3

CNNVD
added 2024/03/19 12:0 a.m. · 2 views

Fujian Kelixin Command and Dispatch Platform SQL Injection Vulnerability

Fujian Kelixin Command and Dispatch Platform is a command and dispatch platform from Fujian Kelixin Company. A SQL injection vulnerability exists in Fujian Kelixin Command and Dispatch Platform version 20240318 and earlier versions, which originates from an unknown function in...

9.8 CVSS · 8.1 AI score · 0.14569 EPSS
Exploits: 0 · References: 4