
85 matches found

Cvelist
added 2025/08/03 1:32 a.m. · 7 views

CVE-2025-8495 code-projects Intern Membership Management System edit_admin_query.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack...

CVSS 7.5 · EPSS 0.00277
Exploits: 1 · References: 5

Vulnrichment
added 2025/07/28 1:32 a.m. · 1 view

CVE-2025-8251 code-projects Exam Form Submission delete_s4.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVSS 7.5 · AI score 7.5 · EPSS 0.00277
Exploits: 1 · References: 5

CVE
added 2025/07/09 1:32 a.m. · 12 views

CVE-2025-7210

The CVE-2025-7210 entry concerns code-projects/Fabian Ros Library Management System 2.0, where the admin/profile_update.php function is vulnerable due to improper handling of the photo parameter, enabling unrestricted file upload. This is described as a remote, publicly disclosed exploit with pot...

CVSS 8.8 · AI score 6.4 · EPSS 0.0031
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/06/20 12:0 a.m. · 2 views

PT-2025-26286 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical issue was found in the code-projects Online Shoe Store, affecting an unknown functionality of the file /admin/admin running.php. The manipulation of the qty argument leads to...

CVSS 9.8 · AI score 7.6 · EPSS 0.00204
Exploits: 1 · References: 11

RedhatCVE
added 2025/06/19 7:19 a.m. · 3 views

CVE-2025-6173

A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajaxproductslist.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has be...

CVSS 7.2 · AI score 5.2 · EPSS 0.00183
Exploits: 1 · References: 1

OSV
added 2025/06/05 4:15 a.m. · 1 view

CVE-2025-5632

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument changetoadmin leads to sql injection. T...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 4

Packet Storm
added 2025/05/30 12:0 a.m. · 114 views

📄 Unifiedtransform 2.x Course Editor Missing Authorization

Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify course details via the /course/edit/id endpoints...

CVSS 6.5 · AI score 7.3 · EPSS 0.00088
Exploits: 2

Cvelist
added 2025/05/24 10:31 p.m. · 10 views

CVE-2025-5135 Tmall Demo Product Details Page admin cross site scripting

A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site...

CVSS 4.8 · EPSS 0.00297
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/23 7:34 a.m. · 5 views

CVE-2024-13194

A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/adminmembers.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed t...

CVSS 8.8 · AI score 6.8 · EPSS 0.00097
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 3:42 a.m. · 5 views

CVE-2023-3034

Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions =2.0.44...

CVSS 6.1 · AI score 6.1 · EPSS 0.00116
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:41 p.m. · 5 views

CVE-2022-28435

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php=displaygoal=1=1...

CVSS 9.8 · AI score 8.3 · EPSS 0.00264
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 9:26 p.m. · 4 views

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVSS 7.2 · AI score 7.3 · EPSS 0.00108
Exploits: 0

RedhatCVE
added 2025/05/22 7:23 p.m. · 7 views

CVE-2021-24771

The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallo...

CVSS 4.8 · AI score 5.9 · EPSS 0.00206
Exploits: 2 · References: 1

Veracode
added 2025/05/12 10:0 a.m. · 6 views

Improper Access Control

com.baidu.mapp:brcc-core is vulnerable to Improper Access Control. The vulnerability is due to insufficient authorization checks due to the /admin/ API accepting crafted requests that grant unauthorized access to admin functionality...

CVSS 9.8 · AI score 6.6 · EPSS 0.00445
Exploits: 1 · References: 3 · Affected Software: 1

Packet Storm
added 2025/03/25 12:0 a.m. · 245 views

Dolphin Pro 7.4.2 SQL Injection

Dolphin Pro version 7.4.2 suffers from a remote SQL injection vulnerability. Exploit Title: SQL Injection in Admin Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...

AI score 8.5
Exploits: 0

OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-FJCF-3J3R-78RP LiteLLM Has an Improper Authorization Vulnerability

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

CVSS 8.1 · AI score 7.3 · EPSS 0.00274
Exploits: 0 · References: 4

NVD
added 2025/03/20 10:15 a.m. · 8 views

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

CVSS 8.1 · EPSS 0.00274
Exploits: 0 · References: 2

RedhatCVE
added 2025/02/05 6:16 p.m. · 6 views

CVE-2017-20067

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched...

CVSS 9.8 · AI score 7.2 · EPSS 0.00223
Exploits: 1 · References: 1

Cvelist
added 2025/01/24 7:31 p.m. · 13 views

CVE-2025-0706 JoeyBling bootplus admin.html cross site scripting

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely...

CVSS 5.1 · EPSS 0.0015
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/16 12:0 a.m. · 1 view

PT-2025-3892 · Netvision Information · Airpass

Name of the Vulnerable Software and Affected Versions: airPASS from NetVision Information affected versions not specified Description: The issue allows unauthenticated remote attackers to access specific administrative functionality, enabling them to retrieve all accounts and passwords. This pose...

CVSS 9.8 · AI score 7.1 · EPSS 0.01152
Exploits: 0 · References: 8