76 matches found
BIT-DISCOURSE-2026-32143 Discourse: Admin-only report can be exported by moderators
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could expose sensitive operational data intended only for...
CVE-2026-32143
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-32143 Discourse: Admin-only report can be exported by moderators
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-32143 Discourse: Admin-only report can be exported by moderators
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-32143 Discourse: Admin-only report can be exported by moderators
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV data for admin-restricted reports, bypassing the report visibility restrictions. This could...
CVE-2026-4237
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-4237
CVE-2026-4237 affects itsourcecode Free Hotel Reservation System 1.0. The vulnerability is an SQL injection in the admin reporting page, specifically /hotel/admin/mod_reports/index.php, triggered by manipulating the Home parameter. The issue is exploitable remotely with no authentication required...
itsourcecode Free Hotel Reservation System SQL注入漏洞
itsourcecode Free Hotel Reservation System is an open-source hotel reservation system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter “Home” in the file /hotel/admin/modreports/index.php, whi...
CVE-2026-22242 CoreShop Vulnerable to SQL Injection via Admin Reports
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by th...
CVE-2026-22242
CVE-2026-22242 (CoreShop) affects CoreShop prior to 4.1.8. A blind SQL injection exists in the admin reports path, enabling an authenticated administrator to extract database contents via inputs such as the store parameter. Root cause: unsanitized user input is concatenated into a SQL query, allo...
EUVD-2026-1183
CoreShop Vulnerable to SQL Injection via Admin Reports...
CoreShop Vulnerable to SQL Injection via Admin Reports
Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...
EUVD-2020-27268
Malware in sbrugna...
CVE-2025-11330
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit ha...
EUVD-2023-30567
Malicious code in bioql PyPI...
CVE-2025-10813 code-projects Hostel Management System index.php sql injection
A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/modreports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2025-10806
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploi...
PT-2025-38746
Name of the Vulnerable Software and Affected Versions Campcodes Online Beauty Parlor Management System version 1.0 Description A security issue exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves potential SQL injection due to manipulation of the fromdate/todate...