Lucene search
K

360 matches found

CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

Code-Projects Simple Laundry System 代码注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...

6.1CVSS5.7AI score0.0027EPSS
Exploits1References5
NVD
NVD
added 2026/03/27 3:16 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

9.8CVSS0.00393EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/27 2:25 a.m.34 views

CVE-2026-4908 code-projects Simple Laundry System Parameter modstaffinfo.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS0.00393EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 2:25 a.m.3 views

CVE-2026-4908 code-projects Simple Laundry System Parameter modstaffinfo.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:25 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/27 2:25 a.m.14 views

CVE-2026-4908

The CVE-2026-4908 entry concerns code-projects Simple Laundry System 1.0. The vulnerability resides in the Parameter Handler’s modstaffinfo.php, where manipulating the userid parameter enables SQL injection. The flaw is exploitable remotely and has seen public exploit activity. Connected sources ...

9.8CVSS6.8AI score0.00393EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/21 4:17 a.m.5 views

CVE-2026-3460

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS0.00324EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.28 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS0.00324EPSS
Exploits0References7
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-3460

CVE-2026-3460 concerns the REST API TO MiniProgram plugin for WordPress. The vulnerability allows an authenticated user with Subscriber-level access or higher to modify arbitrary users’ store-related metadata (storeinfo, storeappid, storename) via an attacker-controlled userid parameter in the RE...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.9 views

CVE-2026-3460 REST API TO MiniProgram <= 5.1.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter

The REST API TO MiniProgram plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.2. This is due to the permission callback updateuserwechatshopinfopermissionscheck only validating that the supplied 'openid' parameter corresponds to an...

5.3CVSS5.9AI score0.00324EPSS
Exploits0References7
NVD
NVD
added 2026/03/18 9:16 p.m.4 views

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS0.00432EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 8:37 p.m.15 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS0.00432EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/18 8:37 p.m.2 views

EUVD-2026-12960

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 8:37 p.m.3 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2
CVE
CVE
added 2026/03/18 8:37 p.m.11 views

CVE-2026-32321

ClipBucket v5.x prior to 5.5.3 #80 contains an authenticated time-based blind SQL injection in the actions/ajax.php endpoint. The vulnerability arises from insufficient input sanitization of the userid parameter, enabling an authenticated attacker to execute arbitrary SQL queries, leading to full...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/18 8:37 p.m.4 views

CVE-2026-32321 ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.3 views

PT-2026-26155

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

8.8CVSS6.1AI score0.00432EPSS
Exploits1References7
OSV
OSV
added 2026/01/27 5:16 p.m.5 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

9.8CVSS5.8AI score0.00442EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 12:0 a.m.3 views

CVE-2025-69562

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.7 views

PT-2026-4966

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter...

5.9AI score0.00442EPSS
Exploits1References3
Rows per page
Query Builder