17 matches found
CVE-2026-10171
A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public a...
CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
EUVD-2026-4989
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Manipulating the argument detail can lead to SQL injection. The attack may be launched remotely. The...
CVE-2025-12261
CodeAstro Gym Management System 1.0 is affected by a SQL injection in /admin/actions/remove-announcement.php caused by manipulation of the ID parameter. The vulnerability can be exploited remotely and the exploit has been made public. Affected product/component: CodeAstro Gym Management System 1....
EUVD-2016-1277
Malware in sbrugna...
EUVD-2025-24149
Malicious code in bioql PyPI...
PT-2025-36538
Name of the Vulnerable Software and Affected Versions: SiempreCMS versions prior to 1.3.7 Description: A vulnerability was identified in SiempreCMS that allows for unrestricted file upload through manipulation of unknown code within the /docs/admin/file upload.php file. The attack can be launched...
CVE-2025-8852
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...
Online Admission System SQL Injection Vulnerability
Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /adminac.php. An attacker can exploit this vulnerability to...
CVE-2025-7860
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/loginadmin.php. The manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely. Th...
1000 Projects Attendance Tracking Management System Injection Vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. 1000 Projects Attendance Tracking Management System version 1.0 suffers from an injection vulnerability, which originates from the parameter facultycourseid in the file...
PT-2024-15587 · Unknown · Code-Projects Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /admin route/inc service credits.php. The manipulation of the id argument leads to SQ...
CVE-2023-4593
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmindll.htm file...
CmsEasy Path Traversal Vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites, from China's Kyushu Yitong Technology. A security vulnerability exists in CmsEasy version v7.7.7.7 20230520, which originates from a path traversal vulnerability in the addaction method in...
PHP-Fusion cross-site scripting vulnerability (CNVD-2021-31477)
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A cross-site scripting vulnerability exists in the Preview Comment function of the administration/comments.php fil...
PT-2007-3364 · Xo Design · Xodagallery
Name of the Vulnerable Software and Affected Versions: xodagallery affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via the cmd parameter in administration.php. However, it's noted that administration.php does not use the cmd parameter for...
webmin 0.91 - Directory Traversal
source: https://www.securityfocus.com/bid/3698/info Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can set up user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Unix variants, providing it has been...