12 matches found
CVE-2026-7408
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...
EUVD-2026-26289
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...
PT-2026-35430
A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit ha...
Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action
Summary The actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no equivalent authorization check for removals, so submitting an empty groups...
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...
PT-2026-23129
Name of the Vulnerable Software and Affected Versions Fluent Forms Pro versions up to and including 6.1.17 Description The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...
CVE-2025-10414
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savecustomer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit...
Kashipara Music Management System 安全漏洞
Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of effective filtering and escaping of the "title" and " action=savemusic" parameters lack effective...
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...
Cross site request forgery (csrf)
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
Symphony CMS SQL Injection Vulnerability
Symphony is a content management system CMS developed using PHP MySQL. Symphony suffers from a SQL injection vulnerability because the program fails to adequately validate the 'fieldsusername', 'actionsave', and 'fieldsemail' parameters can be exploited to execute arbitrary SQL code in the...