1599 matches found
CVE-2026-26712
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php...
CVE-2020-37081
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
CVE-2020-37081
CVE-2020-37081 describes multiple remote SQL injection vulnerabilities in Fishing Reservation System 7.5, affecting admin.php, cart.php, and calendar.php. The vulnerabilities allow attackers to inject SQL via parameters such as uid, pid, type, m, y, and code, potentially compromising the database...
CVE-2018-18261
In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter...
CVE-2021-27973
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages...
CVE-2021-28006
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter...
CVE-2024-34191
htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the deletepost function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request...
CVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2023-53917
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames...
EUVD-2025-203932
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
CVE-2025-67174
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the adminlanguagefile and defaultpagelanguagefile in the admin.php component...
PT-2025-51955
Name of the Vulnerable Software and Affected Versions: Affiliate Me version 5.0.1. Description: The software contains a SQL injection issue in the admin.php endpoint. Authenticated administrators can manipulate database queries through the id parameter using crafted union-based queries. This allows...
RiteCMS Security Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS has a file inclusion vulnerability that stems from the admin.php component not effectively filtering local file resource calls; an attacker can use this vulnerability to read any file on th...
CVE-2025-13576
Blog Site 1.0 is affected by CVE-2025-13576 due to improper authorization in the admin.php file. The vulnerability arises from an unclear/unknown function in /admin.php that can be manipulated to bypass authorization, enabling remote exploitation. Multiple endpoints are affected, and exploitation...
CVE-2025-13576 code-projects Blog Site admin.php improper authorization
A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...
EUVD-2025-198595
A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints...
Code-Projects Blog Site Authorization Issue Vulnerability
Blog Site is a blogging system. Blog Site suffers from an improper authorization vulnerability that originates in the file /admin.php, which can be exploited by an attacker to compromise confidentiality, integrity, and availability...
CVE-2025-12932
CVE-2025-12932 affects SourceCodester Baby Care System 1.0. The vulnerability exists in the admin functionality, specifically the /admin.php?id=inbox endpoint, where improper handling of the message identifier (msgid) enables a SQL injection. The issue can be triggered remotely and is supported b...
CVE-2025-12332
A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function deleteuser of the file /admin.php. Executing manipulation can lead to cross-site scripting. The attack may be performed remotely. The exploit has been published and may be used...
SourceCodester Student Grades Management System Code Injection Vulnerability
SourceCodester Student Grades Management System is a SourceCodester open source student grades management system. A code injection vulnerability exists in SourceCodester Student Grades Management System version 1.0, which originates from a cross-site scripting vulnerability in the deleteuser...