Lucene search
K

236 matches found

EUVD
EUVD
added 2026/04/28 7:0 a.m.7 views

EUVD-2026-26009

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

5.8CVSS4.9AI score0.00228EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 7:0 a.m.31 views

CVE-2026-7238 code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

5.8CVSS0.00228EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 7:0 a.m.24 views

CVE-2026-7238

A vulnerability in code-projects Online Music Site 1.0 affects Administrator/PHP/AdminUpdateAlbum.php where manipulation of the txtimage argument enables unrestricted file upload. This remote exploitation is possible and an exploit has been published. The CVSS metrics indicate a Network attacker ...

5.8CVSS5AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.14 views

PT-2026-35683

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

5.8CVSS5.1AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

Code-Projects Online Music Site 访问控制错误漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a vulnerability related to access control. This vulnerability stems from the unlimited upload feature of the txtimage parameter in the...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-35154

A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...

5.8CVSS5.2AI score0.00273EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.3 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 10:52 a.m.2 views

CVE-2026-5641

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 10:52 a.m.4 views

CVE-2026-5639

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 8:16 p.m.4 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS0.00134EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 a.m.5 views

CVE-2026-5641

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

6.5CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 9:16 a.m.15 views

CVE-2026-5640

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be...

6.5CVSS0.00192EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:15 a.m.2 views

CVE-2026-5641

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/06 9:15 a.m.9 views

CVE-2026-5641

The CVE-2026-5641 issue affects PHPGurukul Online Shopping Portal Project 2.1, specifically the /admin/update-image1.php file in the Parameter Handler. The vulnerability arises from manipulating the filename argument, leading to SQL injection. It can be exploited remotely, and the exploit has bee...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:0 a.m.7 views

CVE-2026-5640

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/06 9:0 a.m.19 views

CVE-2026-5640

The CVE-2026-5640 entry concerns PHPGurukul Online Shopping Portal Project 2.1. The vulnerability is an SQL injection in an unknown function within /admin/update-image2.php of the Parameter Handler, triggered by manipulating the filename argument. It is described as remotely exploitable and publi...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 8:45 a.m.7 views

CVE-2026-5639

PHPGurukul Online Shopping Portal Project 2.1 has a SQL injection flaw in the Parameter Handler’s /admin/update-image3.php. The vulnerability arises from manipulating the filename argument, enabling remote exploitation. Exploit published; CVSS notes range from 4.0 to 3.0 scales with PROOF-OF-CONC...

6.5CVSS6.5AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.11 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

6.5CVSS6.7AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References5
Rows per page
Query Builder