1339 matches found
CVE-2025-7128 Campcodes Payroll Management System ajax.php sql injection
A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculatepayroll. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploi...
CVE-2025-6826
The CVE-2025-6826 entry concerns code-projects Payroll Management System 1.0 where the vulnerability resides in /Payroll_Management_System/ajax.php?action=save_department. The root cause is an SQL injection caused by manipulation of the ID parameter, enabling remote exploitation. Public disclosur...
CVE-2025-6422 Campcodes Online Recruitment Management System About Content Page ajax.php unrestricted upload
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=savesettings of the component About Content Page. The manipulation of the argument img leads to...
CVE-2025-6422
CVE-2025-6422 affects Campcodes Online Recruitment Management System 1.0, where an unrestricted upload is possible via /admin/ajax.php?action=save_settings (About Content Page) by manipulating the img parameter. The vulnerability is exploitable remotely and, per sources, the exploit has been disc...
CVE-2025-45387
osTicket versions prior to v1.17.6 and v1.18.2 are vulnerable to broken access control in /scp/ajax.php...
CVE-2024-29809
The imageurl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageurl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...
CVE-2024-7359
A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveestablishment. The manipulation of the argument name leads to cross site scripting. The...
CVE-2024-6417
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=deleteuser. The manipulation of the argument id leads to SQL injection. The attack may be launched...
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Abbsauth parameter at /admin/ajax.php...
CVE-2023-51050
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the Aproductauth parameter at /admin/ajax.php...
CVE-2023-39676
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php...
CVE-2023-33664
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-33665
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php...
CVE-2022-32019
Car Rental Management System v1.0 is vulnerable to arbitrary code execution via car-rental-management-system/admin/ajax.php?action=savecar...
CVE-2022-46950
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletewindow...
CVE-2022-46954
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletetransaction...
CVE-2022-32020
Car Rental Management System v1.0 is vulnerable to arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...