403 matches found
CVE-2024-51108
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...
CVE-2024-9815
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be...
CVE-2023-1441
A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/courses/viewcourse.php of the component GET Parameter Handler. The manipulation of the argument i...
CVE-2023-1460
A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=saveuser of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to...
CVE-2023-1433
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to...
CVE-2022-40352
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/updatetraveller.php...
CVE-2022-39960
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a plugins/servlet/groupexportforjira/admin/ URI...
PHPGurukul Auto Taxi Stand Management System Injection Vulnerability
Auto Taxi Stand Management System is an auto cab stand management system. Auto Taxi Stand Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter price in the file...
Apartment Visitors Management System /admin/bwdates-passreports-details.php File SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability, which originates from improper manipulation of the parameters fromdate/todate in the file /admin/bwdates-passreports-details.php. An...
itsourcecode Restaurant Management System Injection Vulnerability
itsourcecode Restaurant Management System is an open source restaurant management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Restaurant Management System, which results from SQL injection due to incorrect manipulation of the parameter last in the file...
SourceCodester Best Employee Management System Security Vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A security vulnerability exists in SourceCodester Best Employee Management System version V1.0, which originates from the password parameter in /admin/changepass.php being susceptible to...
SLiMS 9 Bulian Security Vulnerability
SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which originates...
PHPGurukul Art Gallery Management System Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter artmed in the file /admin/add-art-medium.php. An attacker c...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass through the use of request.getRequestURI validation in com.baidu.brcc.config.UserAuthFilter.doFilter. An attacker can gain unauthorized admin rights by sending requests to /admin/ URIs on misconfigured servers. Not...
jeeweb-mybatis-springboot Security Vulnerability
jeeweb-mybatis-springboot is a Java web distributed development system by individual developer huangjian888. A security vulnerability exists in jeeweb-mybatis-springboot v0.0.1, which stems from improper access control of the component /admin/sys/datasource/ajaxList, which could result in access ...
CVE-2025-4214
A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiat...
CVE-2025-3961
A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...
eCommerce-website-in-PHP Security Vulnerability
eCommerce-website-in-PHP is a free and open source php e-commerce platform by scriptandtools individual developers. A security vulnerability exists in eCommerce-website-in-PHP version 3.0, which originates from an incorrect operation of the file /admin/subscriber-csv.php that results in informati...
litepubl Security Vulnerability
litepubl is a small CMS by individual developer Vladimir. A security vulnerability exists in litepubl 7.0.9 and earlier versions, which stems from improper handling of the admin/service/run path and could lead to remote code execution...
Hospital Management System doctor-specilization.php File SQL Injection Vulnerability
Hospital Management System is a hospital management system. The Hospital Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter doctorspecilization of the file /admin/doctor-specilization.php. An...