CVE-2025-7610 code-projects Electricity Billing System change_password.php sql injection

A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/changepassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely...

CVE-2025-7610

Code-projects Electricity Billing System 1.0 contains a SQL injection in /user/change_password.php triggered by the new_password parameter. The issue is exploitable remotely, with public disclosure of the exploit; multiple sources confirm a critical severity, and remediations include guidance to ...

CVE-2024-7460 OSWAPP Warehouse Inventory System change_password.php cross-site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /changepassword.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...

CVE-2024-7460 OSWAPP Warehouse Inventory System change_password.php cross-site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /changepassword.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The...

W-Agora 4.2.1 change_password.php userid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...

CVE-2007-1606

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

CVE-2007-1606

Multiple cross-site scripting XSS vulnerabilities in w-Agora Web-Agora allow remote attackers to inject arbitrary web script or HTML via 1 the showuser parameter to profile.php, the 2 searchforum or 3 searchuser parameter to search.php, or 4 the userid parameter to changepassword.php...

CVE-2006-0684

changepassword.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access...

CVE-2006-0684

CVE-2006-0684 affects Virtual Hosting Control System (VHCS) and is triggered by the change_password.php flow in VHCS 2.4.7.1 and earlier, where the system does not verify the old password when a user changes their password. This behavioral flaw can allow remote attackers to gain unauthorized acce...