Lucene search

12 matches found

ATTACKERKB
added 2026/04/29 8:45 p.m. | 4 views

CVE-2026-7408

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be...

5.8 CVSS | 5 AI score | 0.00253 EPSS
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2026/04/29 8:30 p.m. | 4 views

EUVD-2026-26289

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function savesettings of the file /pizzafy/admin/ajax.php?action=savesettings of the component Setting Handler. Such manipulation leads to sql injection. It is possible...

5.8 CVSS | 5 AI score | 0.00253 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/04/27 12:0 a.m. | 8 views

PT-2026-35430

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit ha...

7.5 CVSS | 7.2 AI score | 0.00254 EPSS
Exploits 0 | References 6

Github Security Blog
added 2026/04/14 11:34 p.m. | 7 views

Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action

Summary: The actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no equivalent authorization check for removals, so submitting an empty groups...

5.3 CVSS | 6 AI score | 0.00248 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/03/31 5:16 a.m. | 2 views

CVE-2026-5181

A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...

6.5 CVSS | 0.00206 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/03/05 12:0 a.m. | 6 views

PT-2026-23129

Name of the Vulnerable Software and Affected Versions: Fluent Forms Pro versions up to and including 6.1.17. Description: The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...

7.2 CVSS | 5.9 AI score | 0.00263 EPSS
Exploits 0 | References 7

RedhatCVE
added 2025/09/16 10:49 p.m. | 5 views

CVE-2025-10414

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savecustomer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit...

9.8 CVSS | 6.8 AI score | 0.00383 EPSS
Exploits 1 | References 1

CNNVD
added 2024/08/26 12:0 a.m. | 2 views

Kashipara Music Management System Security Vulnerability

Kashipara Music Management System is a music management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of effective filtering and escaping of the "title" and " action=savemusic" parameters lack effective...

6.1 CVSS | 6.1 AI score | 0.00492 EPSS
Exploits 1 | References 3

Cvelist
added 2019/02/11 3:0 a.m. | 31 views

CVE-2019-7721

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...

7.6 AI score | 0.01184 EPSS
Exploits 1 | References 1

Prion
added 2018/04/13 4:29 p.m. | 20 views

Cross site request forgery (csrf)

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

3.5 CVSS | 4.8 AI score | 0.0064 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2018/04/13 4:0 p.m. | 26 views

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

4.9 AI score | 0.0064 EPSS
Exploits 1 | References 1

CNVD
added 2016/05/14 12:0 a.m. | 3 views

Symphony CMS SQL Injection Vulnerability

Symphony is a content management system (CMS) developed using PHP and MySQL. Symphony suffers from a SQL injection vulnerability because the program fails to adequately validate the 'fieldsusername', 'actionsave', and 'fieldsemail' parameters, which can be exploited to execute arbitrary SQL code in the...

8.6 AI score
Exploits 0 | References 1