1599 matches found

NVD
added 2025/02/21 6:16 p.m. | 27 views

CVE-2025-25877

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data...

CVSS 3.8 | EPSS 0.00263
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/21 12:0 a.m. | 7 views

CVE-2025-25877

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data...

AI score 4.9 | EPSS 0.00263
Exploits: 1 | References: 1

CVE
added 2025/02/21 12:0 a.m. | 76 views

CVE-2025-25877

The CVE-2025-25877 entry concerns ITSourcecode Simple ChatBox (versions up to 1.0). The vulnerability affects unknown code in the /admin.php file and enables SQL injection to obtain sensitive data. Reported impact indicates potential data exposure with a low base score (CVSS 3.1: 3.8, LOW) and i...

CVSS 3.8 | AI score 7.3 | EPSS 0.00263
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/02/06 2:18 a.m. | 18 views

CVE-2025-0842

A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The...

CVSS 9.8 | AI score 7.3 | EPSS 0.00554
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/06 12:44 a.m. | 6 views

CVE-2022-3973

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVSS 9.8 | AI score 7.4 | EPSS 0.00565
Exploits: 1 | References: 1

Cvelist
added 2025/01/29 9:31 p.m. | 43 views

CVE-2025-0842 needyamin Library Card System Login admin.php sql injection

A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The...

CVSS 7.5 | EPSS 0.00554
Exploits: 1 | References: 4

CVE
added 2025/01/29 9:31 p.m. | 62 views

CVE-2025-0842

CVE-2025-0842 affects the needyamin Library Card System 1.0, specifically the Login component's admin.php. The vulnerability arises from improper handling of the email and password parameters, enabling SQL injection. CVE entries and related advisories indicate remote exploitation with publicly di...

CVSS 9.8 | AI score 7.5 | EPSS 0.00554
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/11/29 1:15 p.m. | 10 views

CVE-2024-11992

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter i...

CVSS 9.1 | EPSS 0.00796
Exploits: 0 | References: 1

CVE
added 2024/11/29 1:6 p.m. | 50 views

CVE-2024-11992

CVE-2024-11992 concerns Quick.CMS v6.7. The vulnerability is an absolute path traversal in admin.php reachable via the aDirFiles%5B0%5D parameter, allowing remote attackers to bypass restrictions and download files outside the document root if permissions exist, and potentially delete server file...

CVSS 9.1 | AI score 6.7 | EPSS 0.00796
Exploits: 0 | References: 1

Cvelist
added 2024/11/29 1:6 p.m. | 20 views

CVE-2024-11992 Path traversal vulnerability in Quick.CMS

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter i...

CVSS 9.1 | EPSS 0.00796
Exploits: 0 | References: 1

NVD
added 2024/11/26 4:15 a.m. | 22 views

CVE-2024-11342

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | EPSS 0.00215
Exploits: 0 | References: 4

OSV
added 2024/11/12 3:15 p.m. | 2 views

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

CVSS 8.8 | AI score 5.7
Exploits: 0 | References: 5

NVD
added 2024/11/12 3:15 p.m. | 18 views

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

CVSS 8.8 | EPSS 0.00484
Exploits: 1 | References: 5

Vulnrichment
added 2024/11/12 3:0 p.m. | 11 views

CVE-2024-11127 code-projects Job Recruitment admin.php sql injection

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

CVSS 6.5 | AI score 7.3 | EPSS 0.00484
Exploits: 1 | References: 5

OSV
added 2024/10/22 5:15 p.m. | 3 views

CVE-2024-48708

Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser...

CVSS 5.4 | AI score 5.8 | EPSS 0.00339
Exploits: 1 | References: 1

NVD
added 2024/10/22 5:15 p.m. | 13 views

CVE-2024-48707

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file...

CVSS 5.4 | EPSS 0.00339
Exploits: 1 | References: 1

NVD
added 2024/10/22 4:15 p.m. | 17 views

CVE-2024-46240

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file...

CVSS 4.8 | EPSS 0.00338
Exploits: 1 | References: 1

OSV
added 2024/10/22 4:15 p.m. | 0 views

UBUNTU-CVE-2024-46240

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file...

CVSS 4.8 | AI score 5.8 | EPSS 0.00338
Exploits: 1 | References: 3

Vulnrichment
added 2024/10/22 12:0 a.m. | 10 views

CVE-2024-46240

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file...

AI score 6.3 | EPSS 0.00338
Exploits: 1 | References: 1

Vulnrichment
added 2024/10/22 12:0 a.m. | 16 views

CVE-2024-48707

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file...

AI score 6.3 | EPSS 0.00339
Exploits: 1 | References: 1