Lucene search
K

381 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 12:0 a.m.4 views

CVE-2024-51223

A stored cross-site scripting XSS vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter...

4.8CVSS5.8AI score0.00184EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/06 6:20 p.m.8 views

EUVD-2026-5640

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

4.8CVSS5AI score0.0023EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.14 views

Zulip 跨站脚本漏洞

Zulip is a powerful open-source chat application developed by the American company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 5.0 to 11.5 had a cross-site scripting vulnerability. This...

5.4CVSS5.7AI score0.0023EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/16 12:24 a.m.7 views

CVE-2025-70893

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...

8.8CVSS7.9AI score0.00387EPSS
Exploits2References1
OSV
OSV
added 2026/01/15 9:16 p.m.7 views

CVE-2025-70893

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...

8.8CVSS6AI score0.00387EPSS
Exploits2References2
NVD
NVD
added 2026/01/15 9:16 p.m.5 views

CVE-2025-70893

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...

8.8CVSS0.00387EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.9 views

PHPGurukul Cyber Cafe Management System 安全漏洞

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the adminprofile.php endpoint's adminname parameter not being sufficiently cleaned of user input, no details of the vulnerability are availab...

8.8CVSS5.8AI score0.00387EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.4 views

CVE-2022-38305

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS8.3AI score0.00947EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 10:4 a.m.7 views

CVE-2026-0547

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

6.5CVSS6.7AI score0.0031EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/02 9:32 a.m.38 views

CVE-2026-0547 PHPGurukul Online Course Registration Student Registration edit-student-profile.php unrestricted upload

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...

6.5CVSS0.0031EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

CampCodes Online Student Enrollment System 代码问题漏洞

CampCodes Online Student Enrollment System is an online enrollment system from CampCodes Philippines, Inc. A code issue vulnerability exists in CampCodes Online Student Enrollment System version 1.0, which stems from the incorrect manipulation of the parameter userphoto in the file...

7.2CVSS5.2AI score0.00338EPSS
Exploits1References7
Snyk
Snyk
added 2025/12/05 12:0 a.m.7 views

Access Control Bypass

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass via the /admin/realms/master/users/profile endpoint. An attacker can access internal us...

5.1CVSS6.8AI score0.0032EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.140 views

📄 Piwigo 13.6.0 SQL Injection

Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...

9.8CVSS8.2AI score0.09058EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/12/02 12:0 a.m.160 views

Piwigo 13.6.0 - SQL Injection

Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...

9.8CVSS7AI score0.09058EPSS
Exploits3
CNVD
CNVD
added 2025/11/18 12:0 a.m.4 views

Student Record System admin-profile.php file cross-site scripting vulnerability

Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...

6.1CVSS6.3AI score0.00196EPSS
Exploits1References1
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

Student Record System admin-profile.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...

6.5CVSS8.3AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/15 12:47 a.m.11 views

CVE-2024-44636

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php...

6.5CVSS8AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/15 12:47 a.m.11 views

CVE-2024-44635

PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting XSS via adminname and aemailid parameters in /admin-profile.php...

6.1CVSS6.3AI score0.00196EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/14 9:2 p.m.6 views

EUVD-2025-197658

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

5.8CVSS6.2AI score0.00318EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/14 9:2 p.m.25 views

CVE-2025-13185 Bdtask/CodeCanyon News365 profile unrestricted upload

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

5.8CVSS0.00318EPSS
Exploits1References4
Rows per page
Query Builder