23 matches found
CVE-2026-8130
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
CVE-2026-8130 SourceCodester SUP Online Shopping message.php sql injection
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
CVE-2026-8130
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...
PT-2026-38653
Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...
SourceCodester SUP Online Shopping 注入漏洞
SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability related to SQL injection, which arises from improper handling of the parameter seenid in the file admin/message.php...
CVE-2026-5252
The CVE-2026-5252 entry concerns z-9527 admin 1.0/2.0 with a vulnerability in the Message Create Endpoint. Specifically, manipulation of an as-yet-unknown function in /server/routes/message.js can cause cross-site scripting. The flaw is remotely exploitable and an exploit is publicly available. T...
CVE-2026-2090
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-2090
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-2090
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2026-2090 SourceCodester Online Class Record System search.php sql injection
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...
CVE-2025-12160
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12160 Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2025-198431
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12160 Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting
The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
bicycleSharingServer 注入漏洞
bicycleSharingServer is a bicycle sharing JavaWEB backend for huija individual developers in China. An injection vulnerability exists in bicycleSharingServer, which stems from improper manipulation of the Title parameter in the searchAdminMessageShow function in the AdminController.java file, whi...
CVE-2024-11130
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2020-35430
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...
CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...
WordPress Payment Form for PayPal Pro Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Payment Form for PayPal Pro plugin is used in one of the payment plugin. WordPress Payment Form for PayPal Pro...
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...