58 matches found
BIT-DISCOURSE-2025-69218 Discourse moderators can access admin-only reports exposing private upload URLs
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the topuploads admin report which should be restricted to admins only. This report displays direct URLs to all uploaded files on the site, including sensitive...
CVE-2025-69218 Discourse moderators can access admin-only reports exposing private upload URLs
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the topuploads admin report which should be restricted to admins only. This report displays direct URLs to all uploaded files on the site, including sensitive...
SQL Injection: Hibernate
Overview: coreshop/core-bundle is a CoreShop - Core Bundle Glue Bundle. Affected versions of this package are vulnerable to SQL Injection: Hibernate via unsanitized input in the store parameter of the admin report process. An attacker can extract sensitive database information by manipulating the...
EUVD-2020-2901
Malware in sbrugna...
EUVD-2025-28428
Malicious code in bioql PyPI...
EUVD-2025-28426
Malicious code in bioql PyPI...
CVE-2025-5232
A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0. This issue affects some unknown processing of the file /admin/report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiate...
PHPGurukul Student Study Center Management System Injection Vulnerability
PHPGurukul Student Study Center Management System is a student study center management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Student Study Center Management System, which is caused by a SQL injection due to incorrect manipulation of the...
PHPGurukul Online Marriage Registration System Injection Vulnerability
PHPGurukul Online Marriage Registration System is a website builder from PHPGurukul that supports online marriage registration. An injection vulnerability exists in version 1.0 of the PHPGurukul Online Marriage Registration System, which originates from the operation of the parameter...
Online Birth Certificate System between-dates-report.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System is vulnerable to a SQL injection vulnerability that stems from incorrect manipulation of the parameter fromdate in the file /admin/between-dates-report.php resulting in SQL injection. No details...
PHPGurukul Land Record System Security Vulnerability
PHPGurukul Land Record System is a land management system from PHPGurukul. A security vulnerability exists in version v1.0 of the PHPGurukul Land Record System, which originates from an SQL injection vulnerability contained in the todate parameter of the /admin/bwdates-reports-details.php file...
CVE-2024-13037
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendancereport of the file /admin/report.php. The manipulation of the argument courseid leads to sql injection. It is possible to launch the attack...
PT-2024-17894 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0. Description: A critical issue has been found in the attendance report function of the /admin/report.php file. The manipulation of the course id argument leads to SQL injection. I...
Zoo Management System SQL Injection Vulnerability
Zoo Management System is a zoo management system by the individual developer Carlo Montero. It provides an online and automated platform for zoo organizations to manage their daily records. A SQL injection vulnerability exists in version 2.1 of the PHPGurukul Zoo Management System, which stems fr...
CVE-2023-7100
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate/tdate leads to sql injection. It is possible to launch the attack...
PT-2023-17789
Name of the Vulnerable Software and Affected Versions: SourceCodester Vehicle Service Management System version 1.0. Description: A problematic vulnerability was found in the SourceCodester Vehicle Service Management System. This issue affects the file /admin/report/index.php and is triggered by the...
Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. A simple web application for automotive repair/service stores or businesses. A cross-site scripting vulnerability exists in SourceCodester Vehicle Service Management System version 1.0, which originates from unknown...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17943)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/report-article-popular.php in Chadha PHPKB Standard Multi-Language...