90 matches found
PT-2026-35665
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get cart count of the file /admin/ajax.php?action=get cart count. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-33715
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...
PT-2026-32915
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...
SourceCodester Loan Management System 安全漏洞
The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has a security vulnerability. This vulnerability stems from improper input cleaning of the borrowerid parameter in the file...
CVE-2026-4815
A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...
Support Board SQL注入漏洞
Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...
CVE-2026-32321
ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...
CVE-2026-32321
ClipBucket v5.x prior to 5.5.3 #80 contains an authenticated time-based blind SQL injection in the actions/ajax.php endpoint. The vulnerability arises from insufficient input sanitization of the userid parameter, enabling an authenticated attacker to execute arbitrary SQL queries, leading to full...
PT-2026-26155
ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute...
GHSA-5M2G-4CF6-C3RG funadmin has Incorrect Privilege Assignment in its Configuration Handler
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2026-2896
A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has bee...
CVE-2025-70141
The CVE-2025-70141 issue affects SourceCodester Customer Support System 1.0, where ajax.php’s dispatcher is missing authentication/authorization before invoking administrative methods in admin_class.php based on the action parameter. This allows an unauthenticated remote attacker to perform sensi...
ClipBucket SQL注入漏洞
ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A SQL injection vulnerability exists in ClipBucket v5 5.5.2-187 and prior versions, which stems from an unvalidated or uncleaned objid parameter in the /actions/ajax.ph...
PT-2026-2114
Name of the Vulnerable Software and Affected Versions ClipBucket versions 5.5.2 through 5.5.2-187 Description ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...
CVE-2025-15375
CVE-2025-15375 affects EyouCMS up to 1.7.7. The vulnerability is a deserialization flaw in the Ajax.php handler (function unserialize in file application/api/controller/Ajax.php, component arcpagelist) where manipulating the attstr argument can trigger deserialization. Impact is described as remo...
EfficientIP SOLIDserver IPAM 路径遍历漏洞
EfficientIP SOLIDserver IPAM is an integrated IP address management system from EfficientIP France. A path traversal vulnerability exists in EfficientIP SOLIDserver IPAM version 8.2.3, which stems from a directory traversal issue in the parameter directory in...
EUVD-2020-29387
Malware in sbrugna...
EUVD-2024-35277
Malicious code in bioql PyPI...
CVE-2025-10563 Campcodes Grocery Sales and Inventory System ajax.php sql injection
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=savecategory. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...