Lucene search
K

247 matches found

NVD
NVD
added 2026/01/06 12:15 a.m.4 views

CVE-2026-0607

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may...

9.8CVSS0.00379EPSS
Exploits1References7
OSV
OSV
added 2026/01/06 12:15 a.m.5 views

CVE-2026-0607

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may...

9.8CVSS5.8AI score0.00379EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/05 11:32 p.m.2 views

CVE-2026-0607 code-projects Online Music Site AdminViewSongs.php sql injection

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may...

7.5CVSS6.5AI score0.00379EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/05 11:32 p.m.27 views

CVE-2026-0607 code-projects Online Music Site AdminViewSongs.php sql injection

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may...

7.5CVSS0.00379EPSS
Exploits1References7
CVE
CVE
added 2026/01/05 11:32 p.m.17 views

CVE-2026-0607

CVE-2026-0607 affects the Code-projects Online Music Site 1.0. The vulnerability resides in the file /Administrator/PHP/AdminViewSongs.php, where manipulating the ID argument enables a SQL injection, reported as exploitable remotely and with a published exploit. Connected documents confirm exploi...

9.8CVSS7AI score0.00379EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.6 views

PT-2026-1356

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in the file /Administrator/PHP/AdminViewSongs.php. Manipulating the ID argument ca...

7.5CVSS6.9AI score0.00379EPSS
Exploits1References12
OSV
OSV
added 2026/01/02 10:13 p.m.5 views

GHSA-5J4H-4F72-QPM6 Bagisto has Normal & Blind SSTI from low-privilege user when ordering product

Summary SSTI when normal customer orders any product in add address step can inject value run in admin view. Details As normal user 1. Go to http://127.0.0.1:8000/ 2. Add order to cart and continue to checkout 3. In step of add address inject this value 77 in any input As admin 1. Go to...

9.8CVSS6.8AI score0.00835EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/30 11:15 p.m.4 views

CVE-2025-15207

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS7.1AI score0.00434EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/30 12:32 a.m.4 views

EUVD-2025-205662

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

7.5CVSS7.2AI score0.00434EPSS
Exploits1References6
NVD
NVD
added 2025/12/29 10:15 p.m.7 views

CVE-2025-15207

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

9.8CVSS0.00434EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.6 views

CampCodes Supplier Management System SQL注入漏洞

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter chkId in the file /admin/viewproducts.php, which could le...

9.8CVSS7.8AI score0.00434EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/23 7:34 p.m.5 views

CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

5.4CVSS5.9AI score0.00249EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/22 3:23 a.m.4 views

CVE-2025-14990

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2025/12/21 4:16 a.m.4 views

CVE-2025-14990

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

9.8CVSS5.8AI score0.00326EPSS
Exploits1References5
NVD
NVD
added 2025/12/21 4:16 a.m.4 views

CVE-2025-14990

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

9.8CVSS0.00326EPSS
Exploits1References5
CVE
CVE
added 2025/12/21 3:2 a.m.15 views

CVE-2025-14990

The CVE-2025-14990 issue affects Campcodes Complete Online Beauty Parlor Management System 1.0. The vulnerability is an SQL injection in the file /admin/view-appointment.php, caused by manipulation of the viewid parameter in an unknown function. The attack can be performed remotely, and public ex...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/21 3:2 a.m.3 views

CVE-2025-14990 Campcodes Complete Online Beauty Parlor Management System view-appointment.php sql injection

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

7.5CVSS7.2AI score0.00326EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/21 3:2 a.m.22 views

CVE-2025-14990 Campcodes Complete Online Beauty Parlor Management System view-appointment.php sql injection

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

7.5CVSS0.00326EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.6 views

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

5.4CVSS6.2AI score0.00233EPSS
Exploits1References1
NVD
NVD
added 2025/12/18 12:16 a.m.11 views

CVE-2025-14202

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

8.2CVSS0.00256EPSS
Exploits0References1
Rows per page
Query Builder