4 matches found
CVE-2025-4869
A vulnerability classified as critical has been found in itsourcecode Restaurant Management System 1.0. This affects an unknown part of the file /admin/memberupdate.php. The manipulation of the argument menu leads to SQL injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2024-42775
An Incorrect Access Control vulnerability was found in /admin/addroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access...
CVE-2021-24496
The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in...
PT-2019-15211 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.2
Description: The issue is related to a cross-site scripting (XSS) problem. It occurs via the "outgoing email setup" feature, specifically in the "admin/mails.php?action=edit" URI, through the "Sender email for automatic...