12 matches found
CVE-2025-13257
CVE-2025-13257 affects itsourcecode Inventory Management System 1.0, with the vulnerable element in /admin/user/index.php?view=edit. The issue is an SQL injection caused by manipulation of the ID parameter, exploitable remotely. Public exploits have been disclosed. Documented impact indicates hig...
Church Management System Cross-Site Scripting Vulnerability
Church Management System is a church management system. Version 1.0 of the Church Management System contains a cross-site scripting vulnerability in the firstname parameter of the /admin/adminuser.php file...
Mini-Tmall SQL Injection Vulnerability
Mini-Tmall is a Spring Boot-based mini-Tmall mall, fast deployment runtime, suitable for use as a Bijou template. A SQL injection vulnerability exists in Mini-Tmall 20231017 and earlier versions, which stems from the parameter orderBy in the file ?r=tmall/admin/user/1/1 that can lead to SQL...
PT-2023-28829 · Unknown · Service Provider Management System
Name of the Vulnerable Software and Affected Versions: Service Provider Management System version 1.0 Description: An issue in the system allows a remote attacker to gain privileges via the ID parameter in the "/php-spms/admin/?page=user/" endpoint. Recommendations: For version 1.0, consider...
CVE-2023-39121
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php...
CVE-2022-33049
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manageuser...
CVE-2022-29739
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manageuser&id=...
Gazie Cross-Site Scripting Vulnerability
Gazie is a financial application based on PHP and MySQL. The program supports features such as invoice management, inventory management and order management. A cross-site scripting vulnerability exists in Gazie version 7.29, which originates from an improper validation of client-side data by...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on:...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozilla firefo...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8...
DEBIAN-CVE-2019-12094
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...