
2475 matches found

CNNVD
added 2025/11/17 12:0 a.m. | 3 views

Inventory Management System SQL injection vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Inventory Management System version 1.0, which originates from an incorrect manipulation of the parameter ID in the file /admin/user/index.php?view=edit, which...

CVSS 9.8 | AI score 7.8 | EPSS 0.00339
Exploits: 1 | References: 6

EUVD
added 2025/11/16 12:30 p.m. | 6 views

EUVD-2025-197728

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | AI score 6.5 | EPSS 0.00335
Exploits: 1 | References: 6

OSV
added 2025/11/16 11:15 a.m. | 0 views

CVE-2025-13247

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 5

NVD
added 2025/11/16 11:15 a.m. | 8 views

CVE-2025-13247

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00335
Exploits: 1 | References: 5

Vulnrichment
added 2025/11/16 10:32 a.m. | 3 views

CVE-2025-13247 PHPGurukul Tourism Management System user-bookings.php sql injection

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | AI score 7.2 | EPSS 0.00335
Exploits: 1 | References: 5

Cvelist
added 2025/11/16 10:32 a.m. | 13 views

CVE-2025-13247 PHPGurukul Tourism Management System user-bookings.php sql injection

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00335
Exploits: 1 | References: 5

CVE
added 2025/11/16 10:32 a.m. | 21 views

CVE-2025-13247

CVE-2025-13247 affects PHPGurukul Tourism Management System 1.0. The vulnerability is an SQL injection in an unknown function of the file /admin/user-bookings.php, caused by manipulation of the uid argument. It can be exploited remotely, and an exploit has been publicly released. Remediation guid...

CVSS 9.8 | AI score 7.2 | EPSS 0.00335
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/11/16 12:0 a.m. | 2 views

PHPGurukul Tourism Management System SQL injection vulnerability

PHPGurukul Tourism Management System is a website builder for tourism management from PHPGurukul. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Tourism Management System, which originates from an incorrect manipulation of the parameter uid in the file...

CVSS 9.8 | AI score 7.7 | EPSS 0.00335
Exploits: 1 | References: 6

RedhatCVE
added 2025/11/15 6:42 p.m. | 10 views

CVE-2025-4617

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 4.8 | AI score 6.7 | EPSS 0.00115
Exploits: 0 | References: 1

NVD
added 2025/11/14 6:15 p.m. | 3 views

CVE-2025-4618

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 6.9 | EPSS 0.00075
Exploits: 0 | References: 1

EUVD
added 2025/11/14 5:53 p.m. | 5 views

EUVD-2025-197638

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 6.9 | AI score 5.6 | EPSS 0.00075
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/14 5:53 p.m. | 4 views

CVE-2025-4618 Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 6.9 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | References: 1

EUVD
added 2025/11/14 5:51 p.m. | 4 views

EUVD-2025-197632

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 4.8 | AI score 6.2 | EPSS 0.00115
Exploits: 0 | References: 2

Cvelist
added 2025/11/14 5:51 p.m. | 16 views

CVE-2025-4617 Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue...

CVSS 4.8 | EPSS 0.00115
Exploits: 0 | References: 1

Cvelist
added 2025/11/14 5:33 p.m. | 7 views

CVE-2025-4616 Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls...

CVSS 4.8 | EPSS 0.00079
Exploits: 0 | References: 1

EUVD
added 2025/11/11 6:30 a.m. | 2 views

EUVD-2025-74047

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

AI score 6.2 | EPSS 0.00192
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/11 6:0 a.m. | 2 views

CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

AI score 6.3 | EPSS 0.00192
Exploits: 0 | References: 1

CVE
added 2025/11/11 6:0 a.m. | 20 views

CVE-2025-11855

CVE-2025-11855 affects the WordPress plugin “age-restriction” (versions up to 3.0.2). The root cause is missing authorization in the age_restrictionRemoteSupportRequest function, enabling any authenticated user (e.g., a subscriber) to create an administrator account with a hardcoded username and ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00192
Exploits: 0 | References: 1

CVE
added 2025/11/10 12:0 a.m. | 11 views

CVE-2025-63711

CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...

CVSS 7.1 | AI score 6.6 | EPSS 0.00174
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/11/04 10:16 p.m. | 6 views

CVE-2025-62520

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...

CVSS 5.3 | EPSS 0.00215
Exploits: 1 | References: 3