4 matches found
CVE-2020-37147
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...
CVE-2025-8326
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/deletes7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2025-8270
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/deletes2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
NoneCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-35786)
NoneCMS is a content management system CMS based on Thinkphp. A cross-site request forgery vulnerability exists in the public/index.php/admin/admin/dele.html page in NoneCMS v1.3, which can be exploited by an attacker to send an unintended request to the server via an affected client...