CVE-2026-35672
CVE-2026-35672 affects phpMyFAQ prior to 4.1.3 where the default API client token is an empty string. The authentication check compares the configured token to the request header x-pmf-token and uses strict inequality; if the header is empty, authentication is bypassed. This allows unauthenticate...
CVE-2025-59544
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue...
CVE-2025-59544 Chamilo: Unauthorized access to update category of any user
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue...
CVE-2025-59544
Chamilo LMS prior to v1.11.34 contained an authorization bypass in the category_id parameter that allowed updating any user’s category without checks. The issue affects the user category update functionality and was fixed in v1.11.34. CVSS 4.0 base score 6.9 (MEDIUM) with NETWORK attack vector an...
PT-2026-23633
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This iss...
CVE-2026-25993
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
CVE-2026-25993
EverShop (TypeScript-based eCommerce platform) is affected by a second-order SQL injection during category update/delete handling. The vulnerability stems from embedding path/request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation that ar...
CVE-2026-25993 EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values, derived from the url_key stored in the database, into SQL statements via string concatenation and passes them to execute. As a result, if a malicio...
PT-2026-7418
Name of the Vulnerable Software and Affected Versions EverShop versions prior to 2.1.1 Description EverShop is a TypeScript-first eCommerce platform susceptible to a second-order SQL injection. During category update and deletion event handling, the application incorporates values from the url...
CVE-2026-2132
A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can be executed remotely. The exploit has bee...
CVE-2026-1081
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
CVE-2018-20564
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/productcategory.php?rec=update has XSS via the catname parameter...
CVE-2025-4193
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categoryupdate.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely...
itsourcecode Restaurant Management System Security Vulnerability
itsourcecode Restaurant Management System is an itsourcecode open source restaurant management system. A security vulnerability exists in version 1.0 of itsourcecode Restaurant Management System, which is caused by a SQL injection due to incorrect manipulation of the parameter Category in the fil...
Moodle 4.2.x < 4.2.3 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.24 / 3.11.x prior to 3.11.17 / 4.0.x prior to 4.0.11 / 4.1.x prior to 4.1.6 / 4.2.x prior to 4.2.3. It is, therefore, affected by multiple vulnerabilities: - Forum summary report shows students fr...
CVE-2025-3335
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. Th...
CVE-2025-3335 codeprojects Online Restaurant Management System category_update.php sql injection
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. Th...
Online Restaurant Management System Security Vulnerability
Online Restaurant Management System is a Code-projects open source online restaurant management system. A security vulnerability exists in Online Restaurant Management System version 1.0, which originates from improper handling of the ID parameter in the /admin/category_update.php file, which may lea...