CVE-2021-41746

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information...

CVE-2025-13422

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

PT-2025-47161

Name of the Vulnerable Software and Affected Versions PHPGurukul Small CRM version 3.0 Description PHPGurukul Small CRM version 3.0 contains a SQL Injection flaw. This issue affects the change-password.php file through the oldpass parameter. The flaw could allow an attacker to inject malicious SQ...

Kashipara Online Service Management Portal 安全漏洞

Kashipara Online Service Management Portal is an online service management portal from Kashipara. A security vulnerability exists in Kashipara Online Service Management Portal version V1.0, which stems from improper handling of the rPassword parameter in the /osms/Requester/Requesterchangepass.ph...

CSICE Cross Site Request Forgery / Cross Site Scripting

http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the Post comment filelds in the following page move to this page 'only for authenticated user' http://www.csice.org/student/subjects.html and choose a subject and...