Lucene search

1339 matches found

RedhatCVE
added 2025/05/08 4:5 p.m. | 12 views

CVE-2025-4363

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=endmembership. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. Th...

CVSS 9.8 | AI score 7.4 | EPSS 0.00421
Exploits: 1 | References: 1

CVE
added 2025/05/06 3:31 p.m. | 60 views

CVE-2025-4363

CVE-2025-4363 affects itsourcecode Gym Management System 1.0. The vulnerability is an SQL injection in the endpoint /ajax.php?action=end_membership (parameter rid). Reports consistently indicate a remote attack vector with potential high-severity impact (confidentiality, integrity, and availabili...

CVSS 9.8 | AI score 7.5 | EPSS 0.00421
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/05/06 3:31 p.m. | 8 views

CVE-2025-4363 itsourcecode Gym Management System ajax.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=endmembership. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. Th...

CVSS 7.5 | AI score 7.4 | EPSS 0.00421
Exploits: 1 | References: 5

Cvelist
added 2025/05/06 2:0 p.m. | 19 views

CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVSS 7.5 | EPSS 0.00421
Exploits: 1 | References: 5

Vulnrichment
added 2025/05/06 2:0 p.m. | 14 views

CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVSS 7.5 | AI score 7.4 | EPSS 0.00421
Exploits: 1 | References: 5

NVD
added 2025/04/22 6:15 p.m. | 6 views

CVE-2023-44755

Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php...

CVSS 9.8 | EPSS 0.00456
Exploits: 1 | References: 2

OSV
added 2025/04/22 6:15 p.m. | 7 views

CVE-2023-44755

Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00456
Exploits: 1 | References: 2

RedhatCVE
added 2025/03/19 10:18 a.m. | 9 views

CVE-2025-2199

SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...

CVSS 9.3 | AI score 7.7 | EPSS 0.00321
Exploits: 0 | References: 3

NVD
added 2025/03/17 11:15 a.m. | 5 views

CVE-2025-2202

Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email...

CVSS 6.9 | EPSS 0.00337
Exploits: 0 | References: 1

NVD
added 2025/03/17 10:15 a.m. | 21 views

CVE-2025-2199

SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...

CVSS 9.3 | EPSS 0.00321
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/17 10:9 a.m. | 7 views

CVE-2025-2199 SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php

SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...

CVSS 9.3 | AI score 7.3 | EPSS 0.00321
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 8:58 a.m. | 10 views

CVE-2025-1185

A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVSS 6.5 | AI score 7.2 | EPSS 0.00577
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/12 7:31 a.m. | 14 views

CVE-2025-1185 pihome-shc PiHome ajax.php sql injection

A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00577
Exploits: 1 | References: 4

CVE
added 2025/02/12 7:31 a.m. | 68 views

CVE-2025-1185

CVE-2025-1185 affects pihome-shc PiHome 2.0. The vulnerability is a SQL injection in an unknown portion of the file /ajax.php?Ajax=GetModal_Sensor_Graph that can be triggered remotely. Multiple connected documents confirm the issue and link it to PiHome 2.0; one PT Security entry also provides a ...

CVSS 8.8 | AI score 6.7 | EPSS 0.00577
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2025/02/12 7:0 a.m. | 68 views

CVE-2025-1184

CVE-2025-1184 — pihome-shc PiHome 1.77 involves an SQL injection in the endpoint “/ajax.php?Ajax=GetModal_MQTTEdit” via the id parameter. Multiple connected sources confirm remote exploitation potential and public disclosure. The vulnerability affects an unknown functionality of that file, with C...

CVSS 8.8 | AI score 6.8 | EPSS 0.00462
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/02/12 7:0 a.m. | 18 views

CVE-2025-1184 pihome-shc PiHome ajax.php sql injection

A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModalMQTTEdit. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00462
Exploits: 1 | References: 4

Vulnrichment
added 2025/02/12 7:0 a.m. | 8 views

CVE-2025-1184 pihome-shc PiHome ajax.php sql injection

A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModalMQTTEdit. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | AI score 6.8 | EPSS 0.00462
Exploits: 1 | References: 4

Cvelist
added 2024/11/27 4:31 p.m. | 24 views

CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=deletetenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization...

CVSS 6.9 | EPSS 0.00828
Exploits: 1 | References: 6

Vulnrichment
added 2024/11/27 4:31 p.m. | 17 views

CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=deletetenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization...

CVSS 6.9 | AI score 7 | EPSS 0.00828
Exploits: 1 | References: 6

Vulnrichment
added 2024/11/26 8:0 p.m. | 10 views

CVE-2024-11743 SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=deleteuser of the component POST Request Handler. The manipulation leads to cross-site request forgery. It...

CVSS 6.9 | AI score 7.1 | EPSS 0.00331
Exploits: 1 | References: 5