EUVD-2026-12403

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

EUVD-2019-19833

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

CVE-2019-25542

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

CVE-2026-1945

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1945 WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2026-1945

The CVE-2026-1945 entry concerns the WPBookit WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability affects the plugin via the wpb_user_name and wpb_user_email parameters in all versions up to and including 1.0.8, caused by insufficient input sanitization and output escaping. Exploi...

PT-2026-22858

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb user name' and 'wpb user email' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2026-2087

A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument useremail causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

CVE-2026-2087

A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument useremail causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

Inventory Management System /admin/login.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. Multiple Connected sources corroborate a SQLi flaw stemming from unvalidated input in user_login.php, enabling potential unauthorized data access or manipulation. The attack surface is t...

PT-2025-47187

Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The software is susceptible to a SQL Injection issue through the user email parameter in the user login.php file. This allows for potential unauthorized access or manipulation of data. The...

EUVD-2024-55091

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...

CVE-2025-13235

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...

itsourcecode Inventory Management System SQL注入漏洞

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...

CVE-2025-11611

A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public...

EUVD-2025-30418

Malicious code in bioql PyPI...