35 matches found
CVE-2025-14482
The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...
CVE-2025-14482 Crush.pics Image Optimizer <= 1.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...
EUVD-2025-1609
Malicious code in bioql PyPI...
EUVD-2025-31459
Malicious code in bioql PyPI...
CVE-2025-11103
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103
CVE-2025-11103 affects Projectworlds Online Tours and Travels 1.0. The vulnerability is in the /admin/change-image.php file, where manipulating the packageimage argument leads to unrestricted file uploads. Attacks may be initiated remotely, and the exploit has been publicly disclosed. Several sou...
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
Projectworlds Online Tours and Travels 代码问题漏洞
Projectworlds Online Tours and Travels is an online tours and travels program by Projectworlds India. A code issue vulnerability exists in Projectworlds Online Tours and Travels version 1.0, which stems from improper manipulation of the parameter packageimage in the file /admin/change-image.php,...
PHPGurukul Local Services Search Engine Management System 注入漏洞
PHPGurukul Local Services Search Engine Management System is a local services search engine management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Local Services Search Engine Management System version 2.1, which originates from an SQL injection caused by the parameter...
CVE-2025-5558
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely...
CVE-2025-4156
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
PHPGurukul Boat Booking System 注入漏洞
PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /admin/change-image.php...
CVE-2025-0335
A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2025-0335 code-projects Online Bike Rental System Change Image unrestricted upload
A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2025-0335 code-projects Online Bike Rental System Change Image unrestricted upload
A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
PT-2025-3832 · Unknown · Code-Projects Online Bike Rental System
Name of the Vulnerable Software and Affected Versions: code-projects Online Bike Rental System version 1.0 Description: A critical issue has been found in the Change Image Handler component, allowing for unrestricted upload. This can be exploited remotely. The issue affects some unknown...
PT-2024-34560 · Unknown · Anuj Kumar'S Boat Booking System
Name of the Vulnerable Software and Affected Versions: Anuj Kumar's Boat Booking System version 1.0 Description: The issue allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter in the change-image.php file. This enables attackers to potentially execute...