PHP-SHOP 跨站请求伪造漏洞

PHP-SHOP is an online shopping system developed by joeyrush, based on PHP. Version 1.0 of PHP-SHOP has a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow unauthenticated attackers to add administrative users...

CVE-2019-25682

CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...

CVE-2026-4013

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

EUVD-2026-11546

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-4013

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVE-2026-4013 SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file addadmin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

SourceCodester Web-based Pharmacy Product Management System 授权问题漏洞

SourceCodester Web-based Pharmacy Product Management System is an open-source pharmacy product management system developed by SourceCodester. Version 1.0 of the SourceCodester Web-based Pharmacy Product Management System has a vulnerability related to authorization issues, which stems from improp...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37118

CVE-2020-37118 affects P5 FNIP-8x16A FNIP-4xSH 1.0.20. The vulnerability is a cross-site request forgery that can perform administrative actions without user interaction by tricking an authenticated user into loading a crafted page (e.g., adding admin users, changing passwords, modifying configs)...

CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

CVE-2020-37046

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative...

CVE-2023-43147

PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery CSRF to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers=pjActionCreate URI...

CVE-2026-0701

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/addadmin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVE-2026-0701

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/addadmin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVE-2026-0701 code-projects Intern Membership Management System add_admin.php sql injection

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/addadmin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

PT-2026-1975

Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A flaw exists in code-projects Intern Membership Management System 1.0 where manipulation of the Username argument in the file '/intern/admin/add admin.php' can lead to ...

Code-Projects Intern Membership Management System SQL注入漏洞

Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...

📄 Prison Management System 1.0 Shell Upload

This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...