Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 p.m.15 views

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS0.00196EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 p.m.8 views

CVE-2026-9542 CodeAstro Leave Management System add_staff.php sql injection

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/26 12:0 p.m.39 views

CVE-2026-9542 CodeAstro Leave Management System add_staff.php sql injection

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS0.00196EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 12:0 p.m.12 views

EUVD-2026-31815

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 p.m.8 views

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/26 12:0 p.m.20 views

CVE-2026-9542

CodeAstro Leave Management System 1.0 has a SQL injection vulnerability in /admin/add_staff.php via manipulating the email_id parameter. The issue arises from an as‑yet unnamed function and is exploitable remotely, with public exploits available. CVSS metrics are provided (e.g., COND/PR/L impacts...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

CodeAstro Leave Management System SQL注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the emailid parameter by an unknown function in the file...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.7 views

CVE-2026-0730

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS5.2AI score0.00238EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/09 12:30 a.m.8 views

EUVD-2026-1658

A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...

4.8CVSS5.1AI score0.00238EPSS
Exploits1References6
CVE
CVE
added 2026/01/08 10:2 p.m.13 views

CVE-2026-0730

PHPGurukul Staff Leave Management System 1.0 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically the ADD_STAFF/UPDATE_STAFF function in /staffleave/slms/slms/adminviews.py. Manipulating the profile_pic argument can trigger XSS, with remote exploitation report...

4.8CVSS5.2AI score0.00238EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1980

Name of the Vulnerable Software and Affected Versions PHPGurukul Staff Leave Management System version 1.0 Description A flaw exists in PHPGurukul Staff Leave Management System 1.0 related to cross-site scripting. The issue is located in the ADD STAFF/UPDATE STAFF function within the...

4.8CVSS5.6AI score0.00238EPSS
Exploits1References12
OSV
OSV
added 2025/06/25 1:15 p.m.6 views

CVE-2025-6604

A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

8.8CVSS5.7AI score0.00361EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.3 views

SourceCodester Best Salon Management System 安全漏洞

SourceCodester Best Salon Management System is a SourceCodester open source salon management system. A security vulnerability exists in SourceCodester Best Salon Management System version 1.0, which stems from the improper handling of the parameter Name in the file /panel/add-staff.php, which cou...

8.8CVSS6.9AI score0.00361EPSS
Exploits1References6
OSV
OSV
added 2024/11/23 8:15 a.m.3 views

CVE-2024-9941

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJgmgtaddstaffmember function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.3AI score0.00582EPSS
Exploits0References2
OSV
OSV
added 2024/09/29 7:15 a.m.5 views

CVE-2024-9323

A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/addstaff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. T...

5.4CVSS3.7AI score0.00379EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/09/29 12:0 a.m.4 views

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system for stemword individual developers. A cross-site scripting vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from a cross-site scripting issue contained in the /app/action/addstaff.php page...

5.4CVSS4.6AI score0.00379EPSS
Exploits1References6
Rows per page
Query Builder