8 matches found
CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...
PT-2026-23683
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/edit source endpoint with crafted SQL UNION statements to extract database...
CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
PT-2026-22358
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...
Cross-site Scripting (XSS)
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the admin/edit endpoint. An attacker can execute arbitrary scripts in the context of the admin interface by...
PT-2024-36441 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0. Description: A SQL injection issue was found in the /admin/edit teacher.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database...
PT-2024-34433 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0. Description: A SQL Injection issue was found in the /admin/edit student.php endpoint via the cys, un, ln, fn, and id parameters. This allows for potential unauthorized access to...
PT-2024-16306 · Linzhaoguan · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms versions up to 2.0.1. Description: A problematic issue has been found in the Edit Article Handler component, affecting the processing of the file "/adminarticle/edit?id=2". This leads to cross-site scripting, and the attack...