Lucene search

21 matches found

Positive Technologies
added 2026/03/12 12:0 a.m. | 1 views

PT-2026-24920

🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8 CVSS | 6.9 AI score | 0.00039 EPSS
Exploits 1 | References 12
Cvelist
added 2026/01/06 3:52 p.m. | 21 views

CVE-2020-36907 Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

8.7 CVSS | 0.00837 EPSS
Exploits 1 | References 8
CVE
added 2025/11/20 3:2 a.m. | 9 views

CVE-2025-13451

Summary: CVE-2025-13451 affects SourceCodester Online Shop Project 1.0. The vulnerability is an SQL injection in an unknown function within the file /action.php, triggered by manipulation of the Search argument. The issue can be exploited remotely and the exploit appears to be publicly available....

9.8 CVSS | 7.3 AI score | 0.00028 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/10/27 9:15 a.m. | 0 views

CVE-2025-12252

A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

8.8 CVSS | 5.7 AI score | 0.00031 EPSS
Exploits 1 | References 5
Cvelist
added 2025/10/27 8:32 a.m. | 6 views

CVE-2025-12252 code-projects Online Event Judging System action.php sql injection

A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5 CVSS | 0.00031 EPSS
Exploits 1 | References 5
Positive Technologies
added 2025/10/27 12:0 a.m. | 2 views

PT-2025-43910

Name of the Vulnerable Software and Affected Versions Code-Projects Online Event Judging System version 1.0 Description A SQL injection issue exists in Code-Projects Online Event Judging System 1.0. The issue is located in the /ajax/action.php file, specifically through manipulation of the conten...

8.8 CVSS | 7.3 AI score | 0.00031 EPSS
Exploits 1 | References 9
Vulnrichment
added 2025/08/28 12:0 a.m. | 2 views

CVE-2025-51968

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...

7.5 AI score | 0.00066 EPSS
Exploits 1 | References 1
OSV
added 2025/08/03 6:15 a.m. | 2 views

CVE-2025-8501

A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack...

5.4 CVSS | 3.9 AI score | 0.00221 EPSS
Exploits 1 | References 5
OSV
added 2025/07/12 5:15 a.m. | 0 views

CVE-2025-7461

A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument proId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 5
CNNVD
added 2025/06/22 12:0 a.m. | 1 views

Code-Projects Online Shopping Store Security Vulnerability

Code-Projects Online Shopping Store is a Code-Projects open source online store. A security vulnerability exists in Code-Projects Online Shopping Store version 1.0, which originates from SQL injection due to incorrect manipulation of the parameters catid/brandid/keyword/proId/pid in file/action.p...

7.2 CVSS | 5.6 AI score | 0.00467 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/05/23 6:14 a.m. | 0 views

CVE-2024-48213

RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php...

4.3 CVSS | 5.9 AI score | 0.00176 EPSS
Exploits 0 | References 1
Cvelist
added 2025/05/07 7:38 a.m. | 11 views

CVE-2025-0666 BOINC Server Stored XSS Injection in host_venue_action.php

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in BOINC Server allows Stored XSS. This issue affects BOINC Server: through 1.4.7...

7 CVSS | 0.0014 EPSS
Exploits 1 | References 1
OSV
added 2024/12/26 10:15 a.m. | 0 views

CVE-2024-12946

A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/adminaction.php. The manipulation of the argument adminusername leads to sql injection. The attack may be...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 5
OSV
added 2024/12/26 7:15 a.m. | 0 views

CVE-2024-12940

A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/studentaction.php. The manipulation of the argument studentid leads to sql injection. The attack can be initiated...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 5
Vulnrichment
added 2024/12/23 12:0 a.m. | 9 views

CVE-2024-12898 1000 Projects Attendance Tracking Management System faculty_action.php sql injection

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/facultyaction.php. The manipulation of the argument facultycourseid leads to sql injection. The attack can be initiate...

6.5 CVSS | 7.5 AI score | 0.00106 EPSS
Exploits 1 | References 5
OSV
added 2024/10/23 10:15 p.m. | 1 views

CVE-2024-48213

RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php...

4.3 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits 0 | References 1
OSV
added 2023/12/20 9:15 p.m. | 0 views

CVE-2023-48433

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginaction.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS | 5.8 AI score | 0.0007 EPSS
Exploits 0 | References 2
OSV
added 2023/03/22 2:15 p.m. | 0 views

CVE-2023-1566

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has be...

9.8 CVSS | 6.6 AI score
Exploits 0 | References 3
OSV
added 2022/06/24 2:15 a.m. | 2 views

CVE-2022-32392

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manageaction.php:4...

8.8 CVSS | 5.8 AI score | 0.00257 EPSS
Exploits 1 | References 2
OSV
added 2022/06/24 2:15 a.m. | 1 views

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

8.8 CVSS | 7.3 AI score | 0.00257 EPSS
Exploits 1 | References 2