14 matches found
CVE-2026-10257
A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...
CVE-2026-10070
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...
CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...
EUVD-2026-33356
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...
CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...
mall 授权问题漏洞
Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...
EUVD-2026-16529
A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...
PT-2025-4084 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical issue affects the processing of the file "/dashboard/admin/updateplan.php". The manipulation of the planid argument leads to SQL injection. The attack can be initiated remotel...
PT-2024-16326 · Unknown · Code-Projects Blood Bank System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A critical issue has been discovered, affecting an unknown part of the file /admin/blood/update/B-.php. The manipulation of the Bloodname argument leads to SQL injection. It is possible...
CVE-2024-2533
A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The...
GHSA-R222-MCFF-27FF Cross-Site Request Forgery in JFinalCMS via /admin/div/update
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/div/update...
Online Tours & Travels Management System SQL注入漏洞
Online Tours & Travels Management System is an online travel management system by Mayuri K. Personal developer. A SQL injection vulnerability exists in Online Tours & Travels Management System version v1.0 due to a lack of validation of the id parameter in its /admin/updateexpensecategory.php...
CVE-2022-27429
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via /admin.php/Plugins/update.html...
CVE-2018-20563
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobilename parameter...