20 matches found
EUVD-2026-26137
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...
CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...
GHSA-584P-RPVQ-35VF AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...
SourceCodester Sales and Inventory System SQL Injection Vulnerability
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the paramete...
itsourcecode News Portal Project SQL Injection Vulnerability
itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...
WordPress Categorify plugin <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability
Cross-Site Request Forgery via categorifyAjaxDeleteCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions <= 1.0.7.4...
CVE-2020-36954 Xeroneit Library Management System 3.1 - "Add Book Category" Stored XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...
CVE-2025-14952
CVE-2025-14952 affects Campcodes Supplier Management System 1.0. The vulnerability lies in /admin/add_category.php where manipulating the txtCategoryName parameter leads to SQL injection. It is a remote issue and, according to multiple sources, the exploit is publicly available. The Red Hat and E...
EUVD-2025-36217
A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...
CVE-2025-8984
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-8984 itsourcecode Online Tour and Travel Management System expense_category.php sql injection
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...
SEMCMS Security Vulnerability
SEMCMS is an open-source content management system (CMS) for foreign trade websites that supports multiple languages. A security vulnerability exists in SEMCMS v5.0, which originates from SQL injection of the pid parameter in SEMCMSCategories.php...
CVE-2025-29013 WordPress Custom Category/Post Type Post order plugin <= 1.6.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0...
CVE-2024-3316
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/viewcategory.php. The manipulation of the argument id leads to sql injection. The attack...
CVE-2024-3131
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=savecategory. The manipulation of the argument id leads to sql injection. The attack can be initiated...
PHPGurukul Notice Board System Injection Vulnerability
Notice Board System is a bulletin board system. A SQL injection vulnerability exists in the Notice Board System, which originates from the lack of validation of externally entered SQL statements in the /category.php file with the parameter catname. An attacker can exploit this vulnerability to...
CVE-2024-0355
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and...
CVE-2020-5843
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen...
WordPress wp-google-map-plugin plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-google-map-plugin is a Google Maps plugin for it. A cross-site request forgery vulnerability exists in th...
PT-2019-7268 · WordPress · Wp-Google-Map-Plugin
Name of the Vulnerable Software and Affected Versions: wp-google-map-plugin versions prior to 2.3.10 Description: The issue concerns a CSRF vulnerability in the add/edit category feature of the wp-google-map-plugin plugin for WordPress. Recommendations: For versions prior to 2.3.10, update to...