CVE-2022-29981

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete...

CVE-2022-30842

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting XSS via /ctpms/classes/Users.php?f=save, firstname...

CVE-2022-46472

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete...

CVE-2025-4695 PHPGurukul/Campcodes Cyber Cafe Management System add-users.php sql injection

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The explo...

PT-2025-21277

Name of the Vulnerable Software and Affected Versions: PHPGurukul Cyber Cafe Management System version 1.0 Description: A critical issue was found in the PHPGurukul Cyber Cafe Management System. The problem affects an unknown function of the file /add-users.php. The manipulation of the uadd...

CVE-2025-3018 SourceCodester Online Eyewear Shop Users.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2025-3018 SourceCodester Online Eyewear Shop Users.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

PT-2025-8962 · B1Gmail · B1Gmail

Name of the Vulnerable Software and Affected Versions: b1gMail versions up to 7.4.1-pl1 Description: A problematic issue was found in the Admin Page component, specifically in the file src/admin/users.php, where the manipulation of the query/q argument leads to deserialization. This issue can be...

CVE-2024-35345

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting...

CVE-2024-57522

SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting XSS in Users.php. An attacker can inject a malicious script into the username or name field during user creation...

CVE-2024-57523

Cross Site Request Forgery CSRF in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user...

CVE-2024-57522

SourceCodester Packers and Movers Management System v1.0 is affected by a Cross Site Scripting (XSS) vulnerability in Users.php, allowing an attacker to inject malicious scripts via the username or name fields during user creation. The issue is documented across multiple sources (CVE-2024-57522);...

CVE-2024-57522

SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting XSS in Users.php. An attacker can inject a malicious script into the username or name field during user creation...

Exploit for Cross-Site Request Forgery (CSRF) in Oretnom23 Packers_And_Movers_Management_System

CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodes...

CVE-2024-8554

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2024-8343 SourceCodester Sentiment Based Movie Rating System User Registration Users.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=saveclient of the component User Registration Handler. The manipulation of the argument email leads to sql...

CVE-2024-42776

Kashipara Hotel Management System v1.0 is affected by an Incorrect Access Control vulnerability exploitable via /admin/users.php. The CVE describes unauthorized access with network attack vector, requiring high privileges, and with no user interaction, potentially impacting confidentiality, integ...

Online Banking System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...

CVE-2024-7851 SourceCodester Yoga Class Registration System Add User Users.php improper authorization

A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be...

Aero CMS 0.0.1 Cross Site Request Forgery

============================================================================================================================================= | Title : Aero CMS v0.0.1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | | Vendor...