12 matches found
CVE-2026-30557
A reflected cross-site scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcategory.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...
CVE-2026-30557
CVE-2026-30557: A reflected XSS vulnerability exists in the open-source product SourceCodester Sales and Inventory System 1.0. The flaw is in the file add_category.php via the query parameter msg, where input is not properly sanitized, enabling remote attackers to inject arbitrary web script/H...
CVE-2018-25207 Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...
CVE-2026-3135
A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. Manipulation of the argument Category causes SQL injection. The attack can be initiated remotely. The exploit has been made...
CVE-2026-3135
CVE-2026-3135 affects itsourcecode News Portal Project 1.0. The vulnerable element is an unknown function in /admin/add-category.php where the Category argument can be manipulated to trigger an SQL injection. This allows remote initiation of an attack, and public exploit availability is noted. Mu...
CVE-2025-14952
A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addcategory.php. Manipulating the argument txtCategoryName results in SQL injection. The attack can be carried out remotely. The exploit is now...
CVE-2025-9050
Projectworlds Travel Management System 1.0 has a SQL injection in /addcategory.php caused by manipulating the t1 parameter. The vulnerability is remote-exploitable and the exploit has been publicly disclosed. Several connected sources confirm the affected file and parameter but do not provide a c...
CVE-2025-5249
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to SQL injection. The attack can be launched remotely. T...
CVE-2025-5249
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to SQL injection. The attack can be launched remotely. T...
PHPGurukul News Portal Project Injection Vulnerability
News Portal Project is a news portal project. News Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements for the parameter Category in the file /admin/add-category.php. An attacker can exploit this vulnerability ...
PHPGurukul Vehicle Parking Management System Injection Vulnerability
PHPGurukul Vehicle Parking Management System is a parking management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Vehicle Parking Management System version 1.13, which results from SQL injection due to incorrect manipulation of the parameter catename in the file...
CVE-2025-3825
A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategoryname leads to cross site scriptin...