403 matches found
CVE-2025-50904
There is an authentication bypass vulnerability in WinterChenS my-site through commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...
CVE-2024-57154
CVE-2024-57154 concerns dts-shop v0.0.1-SNAPSHOT, where an improper access control mechanism allows an attacker to bypass authentication by sending a crafted payload to the /admin/auth/index endpoint. The vulnerability affects the authentication flow in the dts-shop application (version v0.0.1-SN...
CVE-2025-50904
CVE-2025-50904 describes an authentication bypass in WinterChenS my-site through commit 6c79286 (2025-06-11). An attacker can access the /admin/ API without a token, with CVSS v3.1 score 9.8 (CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected software is WinterChenS my-site, through the specifi...
CVE-2024-57154
Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index...
CVE-2025-9150
An SQL injection vulnerability exists in Surbowl dormitory-management-php (up to commit 9f1d9d1f528cabffc66fda3652c56ff327fda317) via manipulation of the id parameter in /admin/violation_add.php. It can be exploited remotely, and an exploit is publicly available. Rolling release means version inf...
CVE-2025-9101
CVE-2025-9101 concerns zhenfeng13 My-Blog (
CVE-2025-9010
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/bookingreport.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The explo...
CVE-2025-9017 PHPGurukul Zoo Management System add-foreigner-ticket.php cross site scripting
A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
itsourcecode Online Tour and Travel Management System security vulnerability
itsourcecode Online Tour and Travel Management System is an open source online tour and travel management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which is caused by a SQL injection due to incorrect manipulation o...
CVE-2025-8981 itsourcecode Online Tour and Travel Management System payment.php sql injection
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument paymenttype leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-8960
The affected product is Campcodes Online Flight Booking Management System 1.0. The vulnerability exists in the /admin/save_airlines.php functionality and is triggered by manipulating the ID parameter to cause SQL injection. Exploitation is remote and the exploit has been publicly disclosed. Impac...
CVE-2025-8859
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-8838 WinterChenS my-site Backend admin preHandle improper authentication
A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...
my-site security vulnerability
my-site is a personal website by individual developer WinterChenS, built on Spring Boot 2.0, that integrates a personal home page, a personal blog and personal works. my-site has a security vulnerability that originates from an authentication flaw caused by improper handling of the parameter uri in th...
Exam Form Submission update_s5.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter credits in file /admin/update_s5.php. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2025-8772
Vinades NukeViet up to version 4.5.06 contains a server-side request forgery (SSRF) in the Module Handler’s file path /admin/index.php?language=en&nv=upload. A remote attacker could exploit this via unknown processing of that file path, with exploitation reportedly disclosed publicly. Several sou...
CVE-2025-50692
FoxCMS =v1.2.5 is vulnerable to Code Execution in admin/templatefile/editFile.html...
Exam Form Submission update_s3.php File SQL Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission has a SQL injection vulnerability that stems from improper handling of the credits parameter in the /admin/update_s3.php file. No details of the vulnerability are provided at this time...