17 matches found
CVE-2018-25352
The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...
CVE-2026-7295
CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...
EUVD-2026-26034
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function savecategory of the file /admin/ajax.php?action=savecategory. Manipulation of the argument Name leads to SQL injection. The attack may be performed remotely. The exploit has been...
CVE-2026-7266 SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit is now public an...
CVE-2026-7264
SourceCodester Pizzafy Ecommerce System 1.0 contains a SQL injection flaw in the get_cart_items function (/admin/ajax.php?action=get_cart_items). The vulnerability is triggered by manipulating the ID argument, allowing remote exploitation. Public exploit material is available. No remediation deta...
CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in SQL injection. The attack can be executed remotely. The exploit is now public and may be used...
PT-2026-35665
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit ha...
CampCodes Online Recruitment Management System Code Issue Vulnerability
CampCodes Online Recruitment Management System is a recruitment management system from CampCodes Philippines, Inc. A code issue vulnerability exists in Campcodes Online Recruitment Management System version 1.0 due to an unrestricted upload as a result of incorrect manipulation of the parameter i...
CampCodes Online Recruitment Management System Injection Vulnerability
CampCodes Online Recruitment Management System is a recruitment management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Online Recruitment Management System version 1.0, which is caused by an incorrect manipulation of the parameter positionid in the file...
CVE-2023-1365
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php. The manipulation of the argument username leads to SQL injection. The attack may be launched remotely. The...
CVE-2017-18634
The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...
CVE-2018-15818
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php...
CVE-2023-51048
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Anewsauth parameter at /admin/ajax.php...
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
PT-2023-31748 · S Cms · S-Cms
Name of the Vulnerable Software and Affected Versions: S-CMS version 5.0. Description: The issue is related to a SQL injection vulnerability. It can be exploited via the Anewsauth parameter at the "/admin/ajax.php" API endpoint. Recommendations: For S-CMS version 5.0, consider restricting access ...
CVE-2017-18634
The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...
adler-pharma.at XSS vulnerability
Open Bug Bounty ID: OBB-637736

Description | Value
---|---
Affected Website: | adler-pharma.at
Vulnerable Application: | Other
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...