CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

CVE-2024-32641 Masa CMS Vulnerable to Pre-Auth RCE via JSON API

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...

CVE-2025-11410

A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed remotely. The exploit has been published and m...

Simple Grading System add_student_grade.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...

Code-Projects Simple Grading System 安全漏洞

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /branch/addbranch.php. An attacker can exploit this...

CVE-2025-1903

A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cartadd.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVE-2025-0228

A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The...

Simple Task Managing System 跨站脚本漏洞

Simple Task Managing System is a simple task management system. Simple Task Managing System suffers from a cross-site scripting vulnerability that stems from its unknown code manipulation of the parameter studentadd resulting in cross-site scripting. The attack method can be initiated remotely an...

CVE-2021-34666

The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the /wpsidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0...

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

Subsonic Media Server Cross-Site Scripting Vulnerability

Subsonic Media Server is a media file hosting platform. A cross-site scripting vulnerability in the podcast subscription form in Subsonic Media Server version 6.1.1 can be exploited by a remote attacker by sending the 'add' parameter to the podcastReceiverAdmin.view file to manipulate a user's...

CVE-2018-9282

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

CVE-2018-15842

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter...

Sql injection

Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow 1 remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and 2 remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a...