CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

CVE-2018-25331

CVE-2018-25331 affects Zenar Content Management System. The vulnerability is a Cross-Site Scripting (XSS) in the ajax.php endpoint, where unsanitized user input is reflected in the response. Exploitation is possible via POST parameters (notably the current_page parameter), enabling unauthenticate...

CVE-2018-25326

CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....

CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-7549

SourceCodester Pharmacy Sales and Inventory System 1.0 is affected by a SQL injection in the /ajax.php?action=delete_customer endpoint. The vulnerability arises from manipulating the argument ID, enabling remote attacker to influence the database. An exploit has been published and may be used. Th...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...

Exploit for Server-Side Request Forgery in Chamilo Chamilo_Lms

CVE-2026-33715 — Unauthenticated SSRF + Open Email Relay in Ch...

CVE-2026-7392 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function deletesupplier of the file /ajax.php?action=deletesupplier. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

CVE-2026-7295 SourceCodester Pizzafy Ecommerce System ajax.php save_menu cross site scripting

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function savemenu of the file /admin/ajax.php?action=savemenu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has be...

CVE-2026-7295

CVE-2026-7295 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerability lies in the /admin/ajax.php?action=save_menu function, where manipulating the Name argument enables cross-site scripting (XSS). Exploitation can be performed remotely; the exploit has been disclosed publicly. No ...

EUVD-2026-26034

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function savecategory of the file /admin/ajax.php?action=savecategory. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-7266 SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...

CVE-2026-7264

SourceCodester Pizzafy Ecommerce System 1.0 contains a SQL injection flaw in the get_cart_items function (/admin/ajax.php?action=get_cart_items). The vulnerability is triggered by manipulating the ID argument, allowing remote exploitation. Public exploit material is available. No remediation deta...

CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

PT-2026-35665

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit ha...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability stems from the operation o...

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...

PT-2026-32915

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

SourceCodester Loan Management System 安全漏洞

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a security vulnerability. This vulnerability stems from improper input cleaning of the borrowerid parameter in the file...