37 matches found
EUVD-2026-25854
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecategory. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has...
CVE-2026-30531
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...
SourceCodester Online Food Ordering System security vulnerability
The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the fact that the savecategory operation in the...
PT-2026-28404
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the save category action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious...
EUVD-2019-2149
Malware in sbrugna...
EUVD-2021-30101
Malicious code in bioql PyPI...
CVE-2025-10564
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deletecategory. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2025-10564 Campcodes Grocery Sales and Inventory System ajax.php sql injection
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=deletecategory. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2025-10564
CVE-2025-10564 affects Campcodes Grocery Sales and Inventory System 1.0. The vulnerability is a SQL injection in the unknown function of /ajax.php?action=delete_category, triggered by manipulating the ID parameter. It is exploitable remotely, and the exploit has been made public. Some connected s...
CVE-2021-24848
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection...
CVE-2024-46600
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31...
GHSA-74X7-MFVG-H2WF MantisBT Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in manageprojcatadd.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action...
MantisBT Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in manageprojcatadd.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action...
CVE-2021-43154
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-43154
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php...
CVE-2021-43154
CVE-2021-43154 affects CMS Made Simple 2.2.15, with a cross-site scripting (XSS) flaw in the Name field of the Add Category action in moduleinterface.php. The vulnerability stems from insufficient input sanitization/validation in that field, allowing injected scripts to be stored or reflected. Re...
CVE-2021-24342
The JNews WordPress theme before 8.0.6 did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting (XSS) issue...
SQL injection vulnerability in phpaaCMS v0.5 category.action.php page
phpaaCMS is a simple article management system. A SQL injection vulnerability exists in the /admin/category.action.php page of phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive database information...
CVE-2017-17872
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action...