Lucene search

90 matches found

Positive Technologies
added 2026/04/28 12:0 a.m. | 8 views

PT-2026-35665

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit ha...

CVSS 7.5 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 6
ATTACKERKB
added 2026/04/14 9:5 p.m. | 6 views

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVSS 7.2 | AI score 5.8 | EPSS 0.00208
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/04/14 12:0 a.m. | 9 views

PT-2026-32915

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVSS 7.2 | AI score 5.8 | EPSS 0.00208
Exploits: 1 | References: 4
CNNVD
added 2026/04/14 12:0 a.m. | 8 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...

CVSS 7.2 | AI score 5.8 | EPSS 0.00208
Exploits: 1 | References: 2
CNNVD
added 2026/03/31 12:0 a.m. | 6 views

SourceCodester Loan Management System security vulnerability

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a security vulnerability. This vulnerability stems from improper input cleaning of the borrowerid parameter in the file...

CVSS 5.4 | AI score 5.8 | EPSS 0.0022
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/25 1:31 p.m. | 3 views

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

CVSS 8.7 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 2
CNNVD
added 2026/03/25 12:0 a.m. | 7 views

Support Board SQL injection vulnerability

Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...

CVSS 8.8 | AI score 5.8 | EPSS 0.00244
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/18 8:37 p.m. | 3 views

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

CVSS 8.8 | AI score 6.1 | EPSS 0.00432
Exploits: 1 | References: 3
CVE
added 2026/03/18 8:37 p.m. | 11 views

CVE-2026-32321

ClipBucket v5.x prior to 5.5.3 #80 contains an authenticated time-based blind SQL injection in the actions/ajax.php endpoint. The vulnerability arises from insufficient input sanitization of the userid parameter, enabling an authenticated attacker to execute arbitrary SQL queries, leading to full...

CVSS 8.8 | AI score 6.1 | EPSS 0.00432
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/18 12:0 a.m. | 3 views

PT-2026-26155

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...

CVSS 8.8 | AI score 6.1 | EPSS 0.00432
Exploits: 1 | References: 7
OSV
added 2026/02/22 12:31 a.m. | 6 views

GHSA-5M2G-4CF6-C3RG funadmin has Incorrect Privilege Assignment in its Configuration Handler

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

CVSS 7.3 | AI score 5.3 | EPSS 0.00286
Exploits: 1 | References: 6
ATTACKERKB
added 2026/02/21 11:32 p.m. | 6 views

CVE-2026-2896

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...

CVSS 7.5 | AI score 5.3 | EPSS 0.00286
Exploits: 1 | References: 5
CVE
added 2026/02/18 12:0 a.m. | 19 views

CVE-2025-70141

The CVE-2025-70141 issue affects SourceCodester Customer Support System 1.0, where ajax.php’s dispatcher is missing authentication/authorization before invoking administrative methods in admin_class.php based on the action parameter. This allows an unauthenticated remote attacker to perform sensi...

CVSS 9.4 | AI score 5.6 | EPSS 0.00546
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/01/08 12:0 a.m. | 4 views

ClipBucket SQL injection vulnerability

ClipBucket is an open-source, freely downloadable PHP script from MacWarrior Open Source, used for video-sharing sites. A SQL injection vulnerability exists in ClipBucket v5 5.5.2-187 and prior versions, which stems from an unvalidated or unsanitized objid parameter in the /actions/ajax.ph...

CVSS 9.8 | AI score 8 | EPSS 0.00342
Exploits: 1 | References: 2
Positive Technologies
added 2026/01/07 12:0 a.m. | 7 views

PT-2026-2114

Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2 through 5.5.2-187. Description: ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...

CVSS 9.8 | AI score 7.3 | EPSS 0.00342
Exploits: 1 | References: 6
CVE
added 2025/12/31 5:2 a.m. | 16 views

CVE-2025-15375

CVE-2025-15375 affects EyouCMS up to 1.7.7. The vulnerability is a deserialization flaw in the Ajax.php handler (function unserialize in file application/api/controller/Ajax.php, component arcpagelist) where manipulating the attstr argument can trigger deserialization. Impact is described as remo...

CVSS 8.8 | AI score 6.1 | EPSS 0.00371
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2025/12/02 12:0 a.m. | 4 views

EfficientIP SOLIDserver IPAM path traversal vulnerability

EfficientIP SOLIDserver IPAM is an integrated IP address management system from EfficientIP France. A path traversal vulnerability exists in EfficientIP SOLIDserver IPAM version 8.2.3, which stems from a directory traversal issue in the parameter directory in...

CVSS 5.1 | AI score 6.7 | EPSS 0.0047
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-29387

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01407
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2024-35277

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00926
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/16 8:2 p.m. | 4 views

CVE-2025-10563 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=savecategory. Manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed to the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00438
Exploits: 1 | References: 5