Lucene search
+L

262 matches found

osv
osv
added 2026/01/14 6:21 p.m.6 views

CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/01/14 12:0 a.m.5 views

Pimcore SQL注入漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...

8.8CVSS7.4AI score0.00428EPSS
Exploits1References3
cnvd
cnvd
added 2026/01/14 12:0 a.m.4 views

Complete Online Beauty Parlor Management System /search-invoices.php File Cross-Site Scripting Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...

4.8CVSS5.8AI score0.00198EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/01/14 12:0 a.m.8 views

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

8.8CVSS8.6AI score0.00428EPSS
Exploits1References14
redhatcve
redhatcve
added 2025/12/30 1:8 p.m.13 views

CVE-2025-15188

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...

4.8CVSS3AI score0.00198EPSS
Exploits1References1
euvd
euvd
added 2025/12/29 3:30 p.m.5 views

EUVD-2025-205576

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely...

4.8CVSS5.3AI score0.00198EPSS
Exploits1References6
osv
osv
added 2025/12/29 1:15 p.m.5 views

CVE-2025-15188

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...

4.8CVSS4.1AI score0.00198EPSS
Exploits1References5
attackerkb
attackerkb
added 2025/12/29 12:32 p.m.3 views

CVE-2025-15188

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...

4.8CVSS3.8AI score0.00198EPSS
Exploits1References5Affected Software1
vulnrichment
vulnrichment
added 2025/12/29 12:32 p.m.5 views

CVE-2025-15188 Campcodes Complete Online Beauty Parlor Management System search-invoices.php cross site scripting

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotel...

4.8CVSS3AI score0.00198EPSS
Exploits1References5
cnvd
cnvd
added 2025/12/25 12:0 a.m.6 views

Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...

9.8CVSS6AI score0.00326EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/12/21 12:0 a.m.4 views

CampCodes Complete Online Beauty Parlor Management System SQL注入漏洞

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/12/14 11:0 a.m.9 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

8.8CVSS6.3AI score0.00307EPSS
Exploits1References1
euvd
euvd
added 2025/12/13 6:30 p.m.8 views

EUVD-2025-203258

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS6.3AI score0.00307EPSS
Exploits1References6
nvd
nvd
added 2025/12/13 4:16 p.m.8 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

8.8CVSS0.00307EPSS
Exploits1References5
osv
osv
added 2025/12/13 4:16 p.m.5 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

8.8CVSS5.7AI score0.00307EPSS
Exploits1References5
cvelist
cvelist
added 2025/12/13 12:2 p.m.31 views

CVE-2025-14590 code-projects Prison Management System search1.php sql injection

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

7.5CVSS0.00385EPSS
Exploits1References5
cve
cve
added 2025/12/13 10:32 a.m.19 views

CVE-2025-14589

Summary (CVE-2025-14589) : The “code-projects Prison Management System 2.0” is affected by a SQL injection vulnerability in the file /admin/search.php, triggered by manipulating the parameter keyname . The underlying cause is lack of validation of externally supplied SQL, enabling remote exploita...

8.8CVSS6.3AI score0.00307EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2025/12/13 10:32 a.m.32 views

CVE-2025-14589 code-projects Prison Management System search.php sql injection

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS0.00307EPSS
Exploits1References5
attackerkb
attackerkb
added 2025/12/13 10:32 a.m.6 views

CVE-2025-14589

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

8.8CVSS5.4AI score0.00307EPSS
Exploits1References5Affected Software1
vulnrichment
vulnrichment
added 2025/12/13 10:32 a.m.2 views

CVE-2025-14589 code-projects Prison Management System search.php sql injection

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

6.5CVSS6.3AI score0.00307EPSS
Exploits1References5
Rows per page
Query Builder