19 matches found
CVE-2026-3710
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...
EUVD-2026-10217
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...
CVE-2026-3710
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...
PT-2026-23919
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...
CVE-2025-69559
code-projects Computer Book Store 1.0 is vulnerable to File Upload in adminadd.php...
CVE-2025-69559
The CVE-2025-69559 entry concerns code-projects Computer Book Store 1.0, with a File Upload vulnerability in admin_add.php. Multiple connected sources corroborate this issue, including Red Hat, NVD, CVE List, and others. The available data identify the affected software/component as the admin_add...
CVE-2025-41038 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...
CVE-2024-9083
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2022-45224
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...
CVE-2025-4469
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is...
Web-Based Student Clearance System 跨站脚本漏洞
Web-Based Student Clearance System is a web-based student clearance system by the individual developer Ndueso Okorie. A security vulnerability exists in Web-Based Student Clearance System version v1.0, which was discovered to contain a cross-site scripting XSS vulnerability via Admin/add-admin.ph...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00992)
Lei Feng TV CMS aka LFCMS is a video-on-demand system developed using PHP and MySQL. A cross-site request forgery vulnerability exists in the admin.php?s=/Member/add.html page in LFCMS version 3.8.6. A remote attacker can exploit this vulnerability to perform unauthorized operations...
CVE-2018-18431
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI...
CVE-2018-18317
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI...
CVE-2018-18317
DESHANG DSCMS 1.1 contains a cross-site request forgery (CSRF) vulnerability exposed via the public/index.php/admin/admin/add.html URI. A remote attacker can perform unauthorized operations through this endpoint. The CVE CVE-2018-18317 is documented in NVD with CVSSv2 base score 6.8 (Partial conf...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
Flexo CMS Cross-Site Request Forgery Vulnerability
Flexo CMS is an open source content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in Flexo CMS version 0.1.6. An attacker can exploit this vulnerability to add an administrator account with the help of the /admin/user/add page...
idreamsoft iCMS cross-site scripting vulnerability (CNVD-2018-14096)
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in versions of idreamsoft iCMS prior to 7.0.10. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML via the fourth and fif...
CVE-2018-9991
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter...