608 matches found
CVE-2025-1202
A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/editslider.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-1195
A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site scripting. The attack may b...
PT-2025-6847 · Sourcecodester · Sourcecodester Best Church Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.1 Description: A critical issue has been found in the software, affecting an unknown function of the file /admin/edit slider.php. The manipulation of the id argument leads to SQL...
CVE-2020-13566
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/editgroup.php, when the POST parameter action is “Delete”, the POST parameter deletegroup leads to a SQL...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-0536
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/editaction.php. The manipulation of the argument attendanceid leads to sql injection. The attack can be initiated remotely. The...
1000 Projects Attendance Tracking Management System 注入漏洞
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects Attendance Tracking Management System, which originates from the parameter attendanceid in file...
CVE-2024-57488
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting XSS via the vehicalorcview parameter in /admin/edit-vehicle.php...
CVE-2024-13076
A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated...
PHPGurukul Land Record System 安全漏洞
PHPGurukul Land Record System is a land management system from PHPGurukul. A security vulnerability exists in PHPGurukul Land Record System version 1.0, which originates from the parameter Property Type in the file /admin/edit-propertytype.php that leads to cross-site scripting...
Small CRM /admin/edit-user.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from an SQL injection vulnerability in the id parameter of the /admin/edit-user.php file. An attacker can exploit this vulnerability to obtain sensitive information or...
CVE-2024-13016
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-12999
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
PT-2024-17859 · Unknown · Phpgurukul Small Crm
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 1.0 Description: A critical issue has been found in the unknown code of the file /admin/edit-user.php. The manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. The exploit...
PHPGurukul Small CRM 注入漏洞
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from an SQL injection vulnerability in the id parameter of the /admin/edit-user.php file. An attacker can exploit this vulnerability to obtain sensitive information or...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-54922
A SQL Injection was found in /admin/edituser.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...
PT-2024-36440 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...
PT-2024-36442 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL injection issue was found in the /admin/edit content.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database...