PT-2026-5801

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVE-2026-1595

A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-1595

A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-1595

The CVE-2026-1595 vulnerability affects itsourcecode Society Management System 1.0. It targets the /admin/edit_student_query.php component, where manipulating the student_id parameter causes a SQL injection. Multiple connected sources (Red Hat , NVD/CVELIST , PT-Security , and others**) confirm r...

CVE-2026-1593

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The...

CVE-2026-1593 itsourcecode Society Management System edit_expenses_query.php sql injection

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The...

Itsourcecode Society Management System SQL Injection Vulnerability

itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter studentid in the file...

PT-2026-5306

A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit student query.php. The manipulation of the argument student id results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

EUVD-2026-4857

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVE-2026-1534

The CVE-2026-1534 affects code-projects Online Music Site 1.0, specifically the file /Administrator/PHP/AdminEditUser.php. The vulnerability arises from manipulation of the ID argument, enabling SQL injection that can be exploited remotely, with public exploits available. Multiple sources (NVD, R...

CVE-2026-1534 code-projects Online Music Site AdminEditUser.php sql injection

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVE-2026-1534 code-projects Online Music Site AdminEditUser.php sql injection

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

PT-2026-5224

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the ID argument, leading to SQL injection. This can be exploited remotely through a file locat...

Code-Projects Online Music Site SQL Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters related to files, administrators, and the...

Cross-site Scripting (XSS)

Overview @saltcorn/admin-models is a models only required by the admin interface for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Cross-site Scripting XSS and code execution, via the name parameter on the /admin/edit-codepage endpoint and improper...

Cross-site Scripting (XSS)

Overview @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Cross-site Scripting XSS and code execution, via the name parameter on the /admin/edit-codepage endpoint and improper handling of backup password input to the...

Cross-site Scripting (XSS)

Overview @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Cross-site Scripting XSS and code execution, via the name parameter on the /admin/edit-codepage endpoint and improper handling of backup password input to the...