6 matches found
CVE-2021-41746
A SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information...
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
PT-2025-47161
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0. Description: PHPGurukul Small CRM version 3.0 contains a SQL Injection flaw. This issue affects the change-password.php file through the oldpass parameter. The flaw could allow an attacker to inject malicious SQ...
Kashipara Online Service Management Portal Security Vulnerability
Kashipara Online Service Management Portal is an online service management portal from Kashipara. A security vulnerability exists in Kashipara Online Service Management Portal version V1.0, which stems from improper handling of the rPassword parameter in the /osms/Requester/Requesterchangepass.ph...
The vulnerability of the microprogramming-based VoIP gateway software DBLTek allows attackers to execute arbitrary operating system commands.
The vulnerability of the microprogramming-based VoIP gateway software DBLTek exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to obtain the administrator password by using the reque...
CSICE Cross Site Request Forgery / Cross Site Scripting
http://www.csice.org/ suffers from XSS and CSRF (cross site scripting and cross site request forgery) attacks. The vulnerability lies in the Post comment fields in the following page: move to this page ('only for authenticated user') http://www.csice.org/student/subjects.html and choose a subject and...