469 matches found
Kashipara Online Furniture Shopping Ecommerce Website 安全漏洞
Kashipara Online Furniture Shopping Ecommerce Website is a fast online shopping ecommerce website from Kashipara. A security vulnerability exists in Kashipara Online Furniture Shopping Ecommerce Website version 1.0, which stems from an unvalidated useremail parameter in userlogin.php, which could...
PT-2025-47187
Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The software is susceptible to a SQL Injection issue through the user email parameter in the user login.php file. This allows for potential unauthorized access or manipulation of data. The...
EUVD-2024-55091
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...
CVE-2024-44653
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the useremail parameter in userlogin.php...
PT-2025-47169
Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The Kashipara Ecommerce Website is susceptible to SQL Injection. The issue affects the user register.php file and involves the user email, username, user firstname, user lastname, and user...
CVE-2024-44653
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. Multiple Connected sources corroborate a SQLi flaw stemming from unvalidated input in user_login.php, enabling potential unauthorized data access or manipulation. The attack surface is t...
EUVD-2025-197715
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...
CVE-2025-13235
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...
CVE-2025-13235
Mode C: This CVE concerns itsourcecode Inventory Management System 1.0. The vulnerability exists in the /admin/login.php file, where manipulating the user_email parameter can trigger SQL injection. It is exploitable remotely and has publicly disclosed exploits. Connected documents corroborate a S...
itsourcecode Inventory Management System SQL注入漏洞
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...
PT-2025-47088
Name of the Vulnerable Software and Affected Versions Ascertia SigningHub versions through 8.6.8 Description A lack of rate limiting on the invite user function allows for an email bombing attack. An authenticated attacker can automate invite requests to a target email address. Recommendations...
CVE-2025-41343
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2025-41343 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
CVE-2025-6574
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...
PT-2025-44666
Name of the Vulnerable Software and Affected Versions ELOG affected versions not specified Description The ELOG platform, an electronic logbook system, has an issue where an authenticated attacker with low privileges can modify another user's profile. Specifically, an attacker can alter a target...
GHSA-CW79-FQ4F-9R96 Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...
Command Injection
@anthropic-ai/claude-code is vulnerable to Command Injection. The vulnerability is due to the application executing a command templated with git config user.email at startup without validating or sanitizing the input, which allows an attacker to use a maliciously configured Git user email to...
CVE-2025-11611
A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public...
CVE-2025-11611
CVE-2025-11611 affects SourceCodester Simple Inventory System 1.0, with the vulnerability located in an unknown function of /user.php where manipulation of the uemail parameter yields SQL injection. The flaw is exploitable remotely and exploits have been publicly released. Multiple sources (NVD, ...
EUVD-2005-3337
Malware in sbrugna...