AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...
EUVD-2026-15027
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file updatecategory.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is...
code-projects Online Guitar Store SQL Injection Vulnerability
Code-Projects Online Guitar Store is an online guitar store by Code-Projects open source. A SQL injection vulnerability exists in code-projects Online Guitar Store version 1.0, which stems from an incorrect manipulation of the parameter dreCtitle in the file /admin/Createcategory.php, which could...
Simple Food Ordering System editcategory.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cname in the file editcategory.php. An attacker can exploit th...
CVE-2025-11552
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
PHPGurukul Dairy Farm Shop Management System Security Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter categorycode in the file...
Ubuntu: Security Advisory (USN-7496-3)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CVE-2024-40474
A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0...
PT-2024-38058 · Sourcecodester · Sourcecodester Insurance Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Insurance Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown part of the file /Script/admin/core/update sub category. The manipulation of the name argument leads to cross-si...
CVE-2023-5286
A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file addcategory.php of the component Category Handler. The manipulation of the argument categoryname leads to cross site...
Music Gallery Site SQL Injection Vulnerability
Music Gallery Site is a music gallery site by Carlo Montero, a personal developer. A SQL injection vulnerability exists in SourceCodester Music Gallery Site version 1.0 due to some unknown processing in the file viewcategory.php, which results in SQL injection via the parameter id...
CVE-2007-6646
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions before 1.1.0, allow remote attackers to inject arbitrary web script or HTML via (1) the return parameter to user/remindPassword, (2) the q parameter to the category script, (3) the return parameter to the...