Lucene search
K

247 matches found

CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which arises from improper handling of the parameter ID in the file admin/vieworder.php...

5.8CVSS5.8AI score0.00244EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/04/29 12:0 a.m.73 views

📄 Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

5.8CVSS5.3AI score0.00244EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

5.8CVSS5AI score0.00244EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/21 7:14 p.m.36 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 3:30 p.m.4 views

EUVD-2026-22262

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewemployee.php...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 3:16 p.m.6 views

CVE-2026-37593

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...

2.7CVSS0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32635

CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/view employee.php. https://t.co/ZIn2ZMpKYa...

2.7CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

SourceCodester Online Employees Work From Home Attendance System 安全漏洞

SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.4 views

CVE-2026-37593

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...

5.9AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:0 a.m.9 views

CVE-2026-37594

CVE-2026-37594 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in /wfh_attendance/admin/view_employee.php, caused by unsafe SQL handling in that file. The available data identifies the issue but does not provide exploitation deta...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 12:16 a.m.5 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

6.1CVSS0.00291EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29444

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file gougucms-masterappadminviewuserrecord.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the attack...

5.1CVSS4.4AI score0.00195EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:51 a.m.3 views

CVE-2026-3106

Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

9.3CVSS6AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8CVSS6AI score0.0033EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 6:31 p.m.2 views

EUVD-2026-16680

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8CVSS6AI score0.0033EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 4:16 p.m.3 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8CVSS0.0033EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.3 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

6AI score0.0033EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28405

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view product.php file via the "id" parameter...

9.8CVSS6AI score0.0033EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.20 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

0.0033EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.7 views

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the improper cleaning of the id parameter in th...

9.8CVSS5.8AI score0.0033EPSS
Exploits1References1
Rows per page
Query Builder