240 matches found
PT-2025-51113
A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...
Revive Adserver admin-search.php file cross-site scripting vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
CVE-2025-27208
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
EUVD-2025-37231
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
CVE-2025-27208
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
CVE-2025-27208
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
Revive Adserver 安全漏洞
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
CVE-2025-27208
Revive Adserver 5.5.2 is affected by a reflected Cross-Site Scripting (XSS) in admin-search.php via the compact parameter. An attacker able to lure a user with UI access into clicking a crafted URL can inject JavaScript to run in the victim’s browser; cookies aren’t exposed, but other actions may...
CVE-2025-27208
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
CVE-2025-27208
A reflected Cross-Site Scripting XSS vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context o...
PT-2025-44559
Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.5.2 Description A reflected Cross-Site Scripting XSS issue exists in Revive Adserver version 5.5.2. An attacker could potentially cause a user with access to the user interface of a Revive Adserver instance to execute...
Revive Adserver: Error-Based & Time-Based SQL Injection in 'keyword' Parameter of admin-search.php Allowing Full Database Access in Revive Adserver v6.0.0
==Cricetinae== Summary: A critical SQL Injection vulnerability has been identified in Revive Adserver's administrative search functionality, specifically in the admin-search.php file. The vulnerability exists in the handling of the keyword GET parameter, which is passed to multiple database queri...
CVE-2025-11664
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...
CVE-2025-11664
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...
PT-2025-41758
Name of the Vulnerable Software and Affected Versions Campcodes Online Beauty Parlor Management System version 1.0 Description A security issue exists in Campcodes Online Beauty Parlor Management System version 1.0. Manipulation of the searchdata argument in an unknown function within the...
Beauty Parlour Management System search-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-appointment.php. An attacker ca...
CVE-2025-11506
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The...
CVE-2025-11507
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made...
CVE-2025-11507
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made...
CVE-2025-11506
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The...