CVE-2025-15409 code-projects Online Guitar Store Delete_product.php sql injection

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

RiteCMS File Containment Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...

CVE-2025-11508

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVE-2025-11505

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly availab...

SourceCodester Student Grades Management System 安全漏洞

SourceCodester Student Grades Management System is a SourceCodester open source student grades management system. A security vulnerability exists in SourceCodester Student Grades Management System version 1.0, which originates from an incorrect manipulation of the parameters firstname and lastnam...

CVE-2025-10840

CVE-2025-10840 affects SourceCodester Pet Grooming Management Software 1.0. The vulnerability is a SQL injection in the file /admin/print-payment.php via manipulation of the sql111 argument, enabling remote exploitation. Public exploits exist. Multiple sources report impact across confidentiality...

Apartment Management System /admin.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...

CVE-2025-8968

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapproveuser.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The explo...

The Scratch Channel 安全漏洞

The Scratch Channel is a project website of The Scratch Channel open source. A security vulnerability exists in The Scratch Channel, which stems from a code issue in the api/admin.js file that could lead to a cross-site scripting attack...

CVE-2020-10424

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-fields.php by adding a question mark ? followed by the payload...

CVE-2017-15733

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery CSRF in admin/ajax.attachment.php and admin/att.main.php...

Zoo Management System /admin/edit-animal-details.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aname in the file /admin/edit-animal-details.php. An attacker can exploit this...

Art Gallery Management System manage-art-medium.php File SQL Injection Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter artmed in the file /admin/manage-art-medium.php. An attacke...

Curfew e-Pass Management System /admin/search-pass.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. The Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /admin/search-pass.php file parameter searchdata. An...

PT-2024-24649 · Sourcecodester · Sourcecodester Internship Portal Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Internship Portal Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Internship Portal Management System. This issue affects the file admin/add admin.php and is related to the...

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...