247 matches found
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...
📄 Pizzafy Ecommerce System 1.0 SQL Injection
The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...
PT-2026-35963
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
EUVD-2026-22262
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewemployee.php...
CVE-2026-37593
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...
PT-2026-32635
CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/view employee.php. https://t.co/ZIn2ZMpKYa...
SourceCodester Online Employees Work From Home Attendance System 安全漏洞
SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...
CVE-2026-37593
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...
CVE-2026-37594
CVE-2026-37594 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in /wfh_attendance/admin/view_employee.php, caused by unsafe SQL handling in that file. The available data identifies the issue but does not provide exploitation deta...
CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...
PT-2026-29444
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file gougucms-masterappadminviewuserrecord.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the attack...
CVE-2026-3106
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
EUVD-2026-16680
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
PT-2026-28405
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view product.php file via the "id" parameter...
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
SourceCodester Online Food Ordering System 安全漏洞
The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the improper cleaning of the id parameter in th...