122 matches found

NVD
added 2025/09/27 9:15 p.m. (2 views)

CVE-2025-11078

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out...

CVSS 8.8, EPSS 0.0007
Exploits: 1, References: 5

Vulnrichment
added 2025/09/27 8:32 p.m. (2 views)

CVE-2025-11078 itsourcecode Open Source Job Portal controller.php unrestricted upload

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/controller.php?action=photos. The manipulation of the argument photo leads to unrestricted upload. The attack is possible to be carried out...

CVSS 6.5, AI score 6.5, EPSS 0.0007
Exploits: 1, References: 5

CVE
added 2025/09/27 8:32 p.m. (8 views)

CVE-2025-11078

The CVE-2025-11078 pertains to itsourcecode Open Source Job Portal 1.0. Affected component is the file /admin/user/controller.php?action=photos, where manipulating the photo parameter enables unrestricted file uploads. This vulnerability is remotely exploitable and a public exploit exists. Connec...

CVSS 8.8, AI score 6.5, EPSS 0.0007
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/09/17 4:47 a.m. (4 views)

CVE-2025-10425

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/studentcontroller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...

CVSS 9.8, AI score 6.6, EPSS 0.00116
Exploits: 1, References: 1

OSV
added 2025/09/15 4:15 a.m. (1 view)

CVE-2025-10425

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/studentcontroller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...

CVSS 9.8, AI score 5.6
Exploits: 0, References: 5

NVD
added 2025/09/15 4:15 a.m. (2 views)

CVE-2025-10425

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/studentcontroller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...

CVSS 9.8, EPSS 0.00116
Exploits: 1, References: 5

Cvelist
added 2025/09/15 4:2 a.m. (8 views)

CVE-2025-10425 1000projects Online Student Project Report Submission and Evaluation System student_controller.php unrestricted upload

A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/studentcontroller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...

CVSS 7.5, EPSS 0.00116
Exploits: 1, References: 5

CVE
added 2025/09/15 4:2 a.m. (13 views)

CVE-2025-10425

CVE-2025-10425 affects 1000projects Online Student Project Report Submission and Evaluation System 1.0. The vulnerability is in an unknown function of /admin/controller/student_controller.php, where manipulation of the new_image argument leads to unrestricted file uploads. The issue can be exploi...

CVSS 9.8, AI score 6.3, EPSS 0.00116
Exploits: 1, References: 5, Affected Software: 1

Positive Technologies
added 2025/09/15 12:0 a.m. (2 views)

PT-2025-37447

Name of the Vulnerable Software and Affected Versions: 1000projects Online Student Project Report Submission and Evaluation System version 1.0 Description: A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an...

CVSS 9.8, AI score 7.1, EPSS 0.00116
Exploits: 1, References: 11

Positive Technologies
added 2025/09/15 12:0 a.m. (3 views)

PT-2025-37448

Name of the Vulnerable Software and Affected Versions: 1000projects Online Student Project Report Submission and Evaluation System version 1.0 Description: A vulnerability exists in 1000projects Online Student Project Report Submission and Evaluation System version 1.0 that allows for unrestricte...

CVSS 9.8, AI score 7.2, EPSS 0.00116
Exploits: 1, References: 10

CNNVD
added 2025/09/15 12:0 a.m. (2 views)

1000 Projects Online Student Project Report Code Issue Vulnerability

1000 Projects Online Student Project Report is an open source online student project reporting system from 1000 Projects. A code issue vulnerability exists in version 1.0 of 1000 Projects Online Student Project Report, which stems from an incorrect manipulation of the parameter newimage in the fi...

CVSS 9.8, AI score 7.5, EPSS 0.00116
Exploits: 1, References: 5

OSV
added 2025/09/08 3:15 p.m. (1 view)

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the columnmodel parameter in the app/admin/controller/Column.php file...

CVSS 7.3, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 1

CVE
added 2025/09/08 12:0 a.m. (7 views)

CVE-2025-56630

FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...

CVSS 7.3, AI score 7.5, EPSS 0.00045
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/09/08 12:0 a.m. (1 view)

PT-2025-36470

Name of the Vulnerable Software and Affected Versions: FoxCMS versions prior to 1.2.6 Description: FoxCMS is susceptible to a SQL Injection issue through the column model parameter located in the app/admin/controller/Column.php file. Recommendations: Update FoxCMS to version 1.2.6 or later...

CVSS 7.3, AI score 7.3, EPSS 0.00045
Exploits: 0, References: 5

Positive Technologies
added 2025/08/26 12:0 a.m. (1 view)

PT-2025-34732

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A SQL injection issue exists due to the manipulation of the batch id argument in the processing of the /admin/controller/delete group student.php fil...

CVSS 7.5, AI score 7.2, EPSS 0.00099
Exploits: 1, References: 11

NVD
added 2025/08/13 6:15 p.m. (17 views)

CVE-2025-45315

A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter...

CVSS 5.4, EPSS 0.00097
Exploits: 1, References: 4

CVE
added 2025/08/13 12:0 a.m. (10 views)

CVE-2025-45315

CVE-2025-45315 describes an XSS vulnerability in hortusfox-web v4.4 via the /controller/admin.php endpoint, exploitable by injecting a crafted payload into the email parameter to execute JavaScript in a user’s browser. The underlying cause is misuse/insufficient sanitization of the email input, e...

CVSS 5.4, AI score 6, EPSS 0.00097
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2025/08/05 12:0 a.m. (1 view)

pybbs Security Vulnerability

pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...

CVSS 6.3, AI score 4.9, EPSS 0.00315
Exploits: 1, References: 7

CNNVD
added 2025/07/26 12:0 a.m. (2 views)

Roothub Code Injection Vulnerability

Roothub is a forum system developed using SSM and MySQL. A code injection vulnerability exists in Roothub 2.6 and earlier versions, which originates from cross-site scripting due to function Edit in file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java...

CVSS 6.1, AI score 4.9, EPSS 0.00168
Exploits: 1, References: 6

CNNVD
added 2025/07/14 12:0 a.m. (3 views)

FoxCMS Injection Vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. An injection vulnerability exists in FoxCMS 1.2.5 and earlier versions, which stems from incorrect handling of the parameter ids in the file app/admin/controller/Video.php, leading to SQL injection...

CVSS 8.8, AI score 7, EPSS 0.00216
Exploits: 1, References: 5