CVE-2025-13257
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has be...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Inventory Management System version 1.0, which originates from an incorrect manipulation of the parameter ID in the file /admin/user/index.php?view=edit, which...
EUVD-2025-31389
Malicious code in bioql PyPI...
CVE-2025-11041
A vulnerability has been found in itsourcecode Open Source Job Portal 1.0. Affected by this issue is some unknown functionality of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit h...
MRCMS Code Injection Vulnerability
MRCMS is a content management system by marker personal developer. A code injection vulnerability exists in MRCMS version 3.1.3, which originates from a cross-site scripting attack due to an incorrect manipulation of the parameter Username in the file /admin/user/edit.do...
SourceCodester E-Commerce System Access Control Error Vulnerability
Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. An access control error vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from a security issue with an unknown function in the file...
CVE-2022-32010
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
CVE-2022-31338
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=...
CVE-2022-27163
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUserseditUser...
CVE-2021-39347
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users' unique STRIPE identifier and make purchases...
WordPress Plugin Stripe for WooCommerce Security Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Stripe for WooCommerce, which stems from a...
LiteCart Cross-Site Request Forgery Vulnerability
LiteCart is a lightweight e-commerce platform for online merchants developed using PHP, HTML 5 and CSS 3. A cross-site request forgery vulnerability exists in LiteCart 2.2.1 and earlier versions in admin/?app=users&doc=edituser. An attacker can exploit this vulnerability to add users...
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) Date: 2018-08-04 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Product Name: Monstra-dev Version: 3.0.4 Tested on: Windows 10 Firefox/Chrome CVE : N/A 1. Description CSRF vulnerability in...
Cross-Site Request Forgery (CSRF)
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field...
CVE-2018-14029
CVE-2018-14029: CSRF in the WityCMS 0.6.2 admin/user/edit flow allows an attacker to take over a user account by modifying user data (e.g., email, password). The vulnerability stems from cross-site request forgery in the admin interface, with CVSSv3 base score 8.8 (HIGH) and user interaction req...
Xavier PHP Management Panel SQL Injection Vulnerability
Xavier PHP Management Panel is a PHP-based web content protection script. A SQL injection vulnerability exists in Xavier PHP Management Panel version 2.4. A remote attacker can inject malicious SQL commands into the admin/adminuseredit.php file by sending the 'usertoedit' parameter or the...
CVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...