381 matches found
CVE-2024-51223
A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...
EUVD-2026-5640
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
Zulip 跨站脚本漏洞
Zulip is a powerful open-source chat application developed by the American company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 5.0 to 11.5 had a cross-site scripting vulnerability. This...
CVE-2025-70893
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...
CVE-2025-70893
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...
CVE-2025-70893
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...
PHPGurukul Cyber Cafe Management System 安全漏洞
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the adminprofile.php endpoint's adminname parameter not being sufficiently cleaned of user input, no details of the vulnerability are availab...
CVE-2022-38305
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2026-0547
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CVE-2026-0547 PHPGurukul Online Course Registration Student Registration edit-student-profile.php unrestricted upload
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CampCodes Online Student Enrollment System 代码问题漏洞
CampCodes Online Student Enrollment System is an online enrollment system from CampCodes Philippines, Inc. A code issue vulnerability exists in CampCodes Online Student Enrollment System version 1.0, which stems from the incorrect manipulation of the parameter userphoto in the file...
Access Control Bypass
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass via the /admin/realms/master/users/profile endpoint. An attacker can access internal us...
📄 Piwigo 13.6.0 SQL Injection
Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
Student Record System admin-profile.php file cross-site scripting vulnerability
Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
CVE-2024-44636
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php...
CVE-2024-44635
PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting XSS via adminname and aemailid parameters in /admin-profile.php...
EUVD-2025-197658
A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2025-13185 Bdtask/CodeCanyon News365 profile unrestricted upload
A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...