57 matches found
CVE-2026-35448
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...
CVE-2026-35448 WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...
GHSA-3V7M-QG4X-58H9 AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Summary The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page, but it performs no access control checks of its own. Since Bitco...
Simple Attendance Record System check.php File SQL Injection Vulnerability
Simple Attendance Record System is a simple attendance record system. Simple Attendance Record System suffers from a SQL injection vulnerability that originates from an unknown function in the /check.php file that mishandles the student parameter. An attacker can use this vulnerability to obtain ...
CVE-2025-14643
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2025-14643
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...
CVE-2025-14643 code-projects Simple Attendance Record System check.php sql injection
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...
EUVD-2006-0614
Malware in sbrugna...
EUVD-2025-19563
Malicious code in bioql PyPI...
EUVD-2024-16140
Malicious code in bioql PyPI...
CVE-2025-40732
User enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php...
Code-Projects Daily Expense Manager Security Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a user enumeration vulnerability that stems from the unvalidated parameter name in the file /check.php. No details of the vulnerability are available at this time...
CVE-2024-0344
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2022-27983
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php...
CVE-2020-28938
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users...
CVE-2018-20609
imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI...
CVE-2024-0344
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The...
SQL injection
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2024-0344
CVE-2024-0344 affects soxft TimeMail up to 1.1. The issue is a SQL injection in the file check.php caused by manipulating the argument c. The exploit has been disclosed publicly, indicating active risk. Connected sources consistently describe this as a critical vulnerability in TimeMail and recom...
CVE-2024-0344 soxft TimeMail check.php sql injection
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The...