51 matches found
PT-2025-40986
Name of the Vulnerable Software and Affected Versions Negotiator version 3.15.2 Description An Insecure Direct Object Reference IDOR exists in Negotiator. This allows an attacker to access or modify unauthorized resources by manipulating requests. The issue involves the userID parameter within th...
PMTicket Project-Management-Software 代码问题漏洞
PMTicket Project-Management-Software is a PMTicket open source agile project management and issue tracking system. A code issue vulnerability exists in PMTicket Project-Management-Software, which stems from incorrect manipulation of the parameter userid of the component Cookie Handler in the file...
CVE-2025-30060
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...
CVE-2025-30061
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
CVE-2025-30060
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...
CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
CVE-2025-30060 SQL injection in ReturnUserUnitsXML.pl via the UserID parameter
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...
CGM CLININET SQL注入漏洞
CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the UserID parameter in the getUserInfo function, which could lead to a SQL injection attack...
PT-2025-32579 · Mattermost · Mattermost Confluence Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Confluence Plugin versions prior to 1.5.0 Description: The Mattermost Confluence Plugin does not verify user access to a channel, enabling attackers to create channel subscriptions without authorization through an API call to the...
CVE-2025-6901
A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /phpaction/removeUser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploi...
Code-Projects Inventory Management System 安全漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the /phpaction/changePassword.php file against an externally entered SQL statement. An...
SourceCodester Stock Management System 注入漏洞
SourceCodester Stock Management System is a SourceCodester open source inventory management system. An injection vulnerability exists in SourceCodester Stock Management System version 1.0, which originates from an SQL injection caused by the operation of the parameter userid in the file...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the batchForceLogout operation, accessible via the /monitor/online/batchForceLogout endpoint. A user can bypass authorization controls to force another user offline by supplying a different user's ID in the ids...
EsafeNet CDG SQL注入漏洞
EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG 5 suffers from a SQL injection vulnerability, which originates from the userId parameter of the /com/esafenet/servlet/user/ReUserOrganiseService.java page contains a SQL injection vulnerability...
Huachu Digital Easytest Online Test Platform 安全漏洞
Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and earlier, which stems from improper handling of the uid parameter and could allow a remote attacker to...
CVE-2024-30938
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMSUser.php component...
Loan Management System SQL Injection Vulnerability
Loan Management System is a loan management system by razormist individual developers. A SQL injection vulnerability exists in Loan Management System version 1.0, which stems from an incorrect manipulation of the parameter userid that can lead to sql injection...
Best Courier Management System Security Vulnerability
Best Courier Management System is a courier management system by Mayuri K. Individual developer. A security vulnerability exists in Best Courier Management System version v.1.0 that could allow a remote attacker to execute arbitrary code and prompt for privileges via the userID parameter using a...
CVE-2021-33223
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file...