28 matches found

Positive Technologies
added 2026/01/09 12:0 a.m. · 3 views

PT-2026-2167

Name of the Vulnerable Software and Affected Versions: GestSup versions up to and including 3.2.56. Description: The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...

CVSS 8.9 · AI score 6.3 · EPSS 0.00007
Exploits 0 · References 5

RedhatCVE
added 2026/01/02 6:37 p.m. · 4 views

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVSS 9.8 · AI score 7.1 · EPSS 0.0002
Exploits 1 · References 1

NVD
added 2026/01/01 6:15 p.m. · 2 views

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVSS 9.8 · EPSS 0.0002
Exploits 1 · References 5

OSV
added 2026/01/01 6:15 p.m. · 1 view

CVE-2025-15407

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

CVSS 9.8 · AI score 5.8 · EPSS 0.0002
Exploits 1 · References 5

NVD
added 2026/01/01 6:15 p.m. · 2 views

CVE-2025-15407

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

CVSS 9.8 · EPSS 0.0002
Exploits 1 · References 5

ATTACKERKB
added 2026/01/01 6:2 p.m. · 3 views

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVSS 9.8 · AI score 7.1 · EPSS 0.0002
Exploits 1 · References 5 · Affected Software 1

CVE
added 2026/01/01 5:32 p.m. · 7 views

CVE-2025-15407

CVE-2025-15407 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/Create_category.php, triggered by manipulation of the dre_Ctitle parameter. Exploitation could be performed remotely, and public disclosures exist. Multiple...

CVSS 9.8 · AI score 7.3 · EPSS 0.0002
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2026/01/01 5:32 p.m. · 3 views

CVE-2025-15407 code-projects Online Guitar Store Create_category.php sql injection

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

CVSS 7.5 · AI score 6.8 · EPSS 0.0002
Exploits 1 · References 5

Cvelist
added 2026/01/01 5:32 p.m. · 22 views

CVE-2025-15407 code-projects Online Guitar Store Create_category.php sql injection

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

CVSS 7.5 · EPSS 0.0002
Exploits 1 · References 5

Positive Technologies
added 2026/01/01 12:0 a.m. · 3 views

PT-2026-1012

Name of the Vulnerable Software and Affected Versions: code-projects Online Guitar Store version 1.0. Description: A SQL injection issue exists in code-projects Online Guitar Store version 1.0. The issue affects an unknown function within the /admin/Create category.php file. Manipulation of the dre...

CVSS 9.8 · AI score 7.4 · EPSS 0.0002
Exploits 1 · References 13

Positive Technologies
added 2026/01/01 12:0 a.m. · 6 views

PT-2026-1014

Name of the Vulnerable Software and Affected Versions: code-projects Online Guitar Store version 1.0. Description: A SQL injection issue exists in code-projects Online Guitar Store version 1.0. The issue is located in an unknown function within the /admin/Create product.php file. Manipulating the dr...

CVSS 9.8 · AI score 7.2 · EPSS 0.0002
Exploits 1 · References 12

Github Security Blog
added 2025/10/16 8:48 p.m. · 6 views

bagisto has Cross Site Scripting (XSS) in Create New Customer

Summary: In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to reflected / stored Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields. These payloads may later...

CVSS 6.9 · AI score 5.6 · EPSS 0.00036
Exploits 1 · References 3 · Affected Software 1

NVD
added 2025/10/16 7:15 p.m. · 2 views

CVE-2025-62414

Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature in the admin panel is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious JavaScript payloads into certain input fields...

CVSS 6.9 · EPSS 0.00036
Exploits 1 · References 1

OSV
added 2025/08/21 2:27 p.m. · 3 views

GHSA-287X-6R2H-F9MW UnoPim vulnerable to CSRF on Product edit feature and creation of other types

Summary: Some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF).

| Method | Endpoint | Status | Reason |
|:------:|:------:|:------:|:------:|
| POST | /admin/catalog/products/create | Not Vulnerable :whitecheckmark: | X-XSRF-TOKEN header used |
| GET |...

CVSS 8.2 · AI score 6.6 · EPSS 0.00048
Exploits 1 · References 4

PyPA
added 2025/03/20 10:15 a.m. · 6 views

PYSEC-2025-17

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

CVSS 5.5 · AI score 6.7 · EPSS 0.00104
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2025/01/09 12:0 a.m. · 1 view

E-Commerce-PHP code injection vulnerability

E-Commerce-PHP is an e-commerce application using native PHP by the individual developer Kurnia Ramadhan Putra. A code injection vulnerability exists in E-Commerce-PHP version 1.0, which stems from the parameter Name in the file /admin/createproduct.php and can lead to cross-site scripting attacks...

CVSS 5.4 · AI score 4.3 · EPSS 0.00064
Exploits 1 · References 5

OSV
added 2024/10/10 10:15 p.m. · 4 views

CVE-2024-9815

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...

CVSS 7.2 · AI score 5.5 · EPSS 0.00101
Exploits 1 · References 4

CNNVD
added 2024/10/10 12:0 a.m. · 1 view

Codezips Tourist Management System code issue vulnerability

Codezips Tourist Management System is an open source tourism management system from Codezips. A code issue vulnerability exists in Codezips Tourist Management System version 1.0, which stems from the parameter packageimage in /admin/create-package.php that can lead to unrestricted uploads...

CVSS 7.2 · AI score 5.2 · EPSS 0.00101
Exploits 1 · References 5

Positive Technologies
added 2024/10/10 12:0 a.m. · 4 views

PT-2024-39860 · Codezips · Codezips Tourist Management System

Name of the Vulnerable Software and Affected Versions: Codezips Tourist Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/create-package.php. The manipulation of the packageimage argument leads to...

CVSS 7.2 · AI score 5.2 · EPSS 0.00101
Exploits 1 · References 9

CNNVD
added 2024/08/29 12:0 a.m. · 1 view

FeehiCMS code issue vulnerability

FeehiCMS is a PHP-based CMS website builder by the individual developer Liufee. A code issue vulnerability exists in FeehiCMS version 2.1.1 and prior versions, which originates from an unverified file upload vulnerability in the Useravatar parameter of the /admin/index.php?r=user%2Fcreate file...

CVSS 9.8 · AI score 6.5 · EPSS 0.00218
Exploits 1 · References 5