19 matches found
PT-2026-6901
Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0 Description: A security flaw exists in code-projects Social Networking Site 1.0. The issue is related to SQL injection in an unknown function within the /delete post.php file. Manipulating the ID...
CVE-2025-14147 Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
itsourcecode Human Resource Management System SQL injection vulnerability
itsourcecode Human Resource Management System is an open source human resource management system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...
CVE-2025-60170 WordPress HTACCESS IP Blocker Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker (htaccess-ip-blocker) allows Stored XSS. This issue affects HTACCESS IP Blocker: from n/a through <= 1.0...
CampCodes Payroll Management System injection vulnerability
CampCodes Payroll Management System is a payroll management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Payroll Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the ID parameter in the file /ajax.php...
CloudClassroom-PHP-Project security vulnerability
CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from an unsanitized squeryx parameter in the askquery.php file, which could lead to a SQL injection attack...
WordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP Custom Google Search versions <= 1.0...
WordPress Agile Video Player Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Agile Video Player Lite versions <= 1.0...
Complete Web-Based School Management System security vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...
Foundation security vulnerability
Foundation (Foundation.app) is an application from Foundation, Inc. A security vulnerability exists in Foundation platform version 1.0, which allows remote attackers to gain access to sensitive information through the Web3 authentication process...
Online Book System SQL injection vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in code-projects Online Book System version 1.0, which originates from a SQL injection vulnerability in the value parameter of the /Product.php file...
Online Book System SQL injection vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in Online Book System version 1.0, which originates from a lack of validation of externally entered SQL statements in the ID parameter of the /description.php file. An attacker can exploit this vulnerability to...
PT-2023-32074 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical vulnerability has been found in the function register of the file Master.php. The manipulation of the argument email leads to SQL injection. It is possible to...
Bug Finder ChainCity Real Estate Investment Platform SQL injection vulnerability
Bug Finder ChainCity Real Estate Investment Platform is a real estate investment platform from Bug Finder, Inc. A SQL injection vulnerability exists in Bug Finder ChainCity Real Estate Investment Platform version 1.0, which stems from the parameter name of the component GET Parameter Handler that...
CVE-2023-35095
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...
PT-2023-18369 · Campcodes · Campcodes Coffee Shop Pos System
Name of the Vulnerable Software and Affected Versions: Campcodes Coffee Shop POS System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /admin/sales/view details.php. The manipulation of the id argument leads to SQL injection. It is...
WordPress plugin Very Simple Breadcrumb cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
EGavilan Media Contact-Form-With-Messages-Entry-Management SQL injection vulnerability
EGavilan Media Contact-Form-With-Messages-Entry-Management is a simple contact form system from EGavilan Media. EGavilan Media Contact-Form-With-Messages-Entry-Management version 1.0 contains a SQL injection vulnerability that is exploitable via Addmessage.php....
HMS SQL injection vulnerability
HMS is a computer or web-based hospital management system, useful for managing the operations of a hospital or any medical facility. A SQL injection vulnerability exists in HMS version 1.0, which stems from the presence of multiple parameters when requesting appointment.php using the POST method...