CVE-2026-34427

Vvveb versions prior to 1.0.8.1 contain a privilege escalation in the admin/user/save endpoint. An authenticated user can inject role_id=1 in profile save requests to elevate to Super Administrator, enabling plugin upload functionality and remote code execution. The fix is provided in 1.0.8.1 (se...

tianti 安全漏洞

tianti tianti is a JAVA lightweight CMS solution by jeffry personal developer. A security vulnerability exists in tianti 2.3 and earlier versions, which originates from the function exportOrder in the file /tianti-module-admin/user/ajax/save resulting in a CSV injection that could lead to a remot...

CVE-2025-4881

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/usersave.php. The manipulation of the argument username/name leads to sql injection. The attack may be launched remotely...

Online Restaurant Management System 注入漏洞

Online Restaurant Management System is a Code-projects open source online restaurant management system. An injection vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of the parameter Name in the /admin/usersave.php file, which can le...

CVE-2018-9925

An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request...