1339 matches found
CVE-2025-4363
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=end_membership. The manipulation of the argument rid leads to SQL injection. The attack may be initiated remotely. Th...
CVE-2025-4363
CVE-2025-4363 affects itsourcecode Gym Management System 1.0. The vulnerability is an SQL injection in the endpoint /ajax.php?action=end_membership (parameter rid). Reports consistently indicate a remote attack vector with potential high-severity impact (confidentiality, integrity, and availabili...
CVE-2025-4363 itsourcecode Gym Management System ajax.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=end_membership. The manipulation of the argument rid leads to SQL injection. The attack may be initiated remotely. Th...
CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The...
CVE-2023-44755
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php...
CVE-2025-2199
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...
CVE-2025-2202
Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email...
CVE-2025-2199 SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...
CVE-2025-1185
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-1185 pihome-shc PiHome ajax.php sql injection
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModal_Sensor_Graph. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2025-1185
CVE-2025-1185 affects pihome-shc PiHome 2.0. The vulnerability is a SQL injection in an unknown portion of the file /ajax.php?Ajax=GetModal_Sensor_Graph that can be triggered remotely. Multiple connected documents confirm the issue and link it to PiHome 2.0; one PT Security entry also provides a ...
CVE-2025-1184
CVE-2025-1184 — pihome-shc PiHome 1.77 involves an SQL injection in the endpoint “/ajax.php?Ajax=GetModal_MQTTEdit” via the id parameter. Multiple connected sources confirm remote exploitation potential and public disclosure. The vulnerability affects an unknown functionality of that file, with C...
CVE-2025-1184 pihome-shc PiHome ajax.php sql injection
A vulnerability was found in pihome-shc PiHome 1.77 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?Ajax=GetModal_MQTTEdit. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2024-11860 SourceCodester Best House Rental Management System POST Request ajax.php improper authorization
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=deletetenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization...
CVE-2024-11743 SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=deleteuser of the component POST Request Handler. The manipulation leads to cross-site request forgery. It...