Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE

Summary 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...

CVE-2022-38605

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editevent.php...

CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin=2=edit...

CVE-2026-0582

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editactivityquery.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVE-2026-0582 itsourcecode Society Management System edit_activity_query.php sql injection

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editactivityquery.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVE-2026-0582 itsourcecode Society Management System edit_activity_query.php sql injection

A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editactivityquery.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be...

CVE-2026-0582

The CVE pertains to itsourcecode Society Management System 1.0. A SQL injection vulnerability exists in the file /admin/edit_activity_query.php triggered by manipulating the Title parameter, with exploitation described as remote and publicly available. Affected component/file: /admin/edit_activit...

PT-2026-1237

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the file '/admin/edit activity query.php', specifically...

itsourcecode Society Management System SQL注入漏洞

itsourcecode Society Management System is an itsourcecode open source society management system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Society Management System, which stems from an incorrect manipulation of the parameter Title in the file /admin/editactivityquery.ph...

CVE-2026-0566

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/editposts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0566

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/editposts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0566

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/editposts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0566

CVE-2026-0566 affects code-projects Content Management System 1.0. The vulnerability lies in the /admin/edit_posts.php script where manipulating the image parameter enables unrestricted file uploads. Exploitation is possible remotely, and the exploit has been publicly disclosed. Public data show ...

CVE-2026-0566 code-projects Content Management System edit_posts.php unrestricted upload

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/editposts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-0547

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

CVE-2026-0547

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

PT-2026-1107

Name of the Vulnerable Software and Affected Versions code-projects Content Management System version 1.0 Description A security issue exists in code-projects Content Management System. The manipulation of the image argument in a file, /admin/edit posts.php, allows for unrestricted file upload...

PHPGurukul Online Course Registration 代码问题漏洞

PHPGurukul Online Course Registration is an online course registration system from PHPGurukul, Inc. A code issue vulnerability exists in PHPGurukul Online Course Registration 3.1 and earlier versions, which stems from incorrect manipulation of the parameter photo in the component student...

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...