CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

EUVD-2026-35019

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

CVE-2026-11488

The CVE-2026-11488 entry concerns code-projects Simple Flight Ticket Booking System 1.0. It identifies a SQL injection in the POST Parameter Handler, specifically in checkUser.php via the Username argument. Impact is limited to confidentiality and integrity with a low severity in CVSS metrics, an...

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

PT-2026-47250

Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...

CVE-2026-34090

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

EUVD-2026-29062

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34090

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34090 Suggested investigations: Handle suppressed usernames

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34090 Suggested investigations: Handle suppressed usernames

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34090

The vulnerability CVE-2026-34090 affects Wikimedia Foundation CheckUser, versions 1.45.0 to 1.45.1. It exposes sensitive information to an unauthorized actor (confidentiality impact). No exploit details are provided in the connected documents. Remediation: upgrade to version 1.45.2 (per PT-2026-3...

Wikimedia CheckUser 信息泄露漏洞

Wikimedia CheckUser is a advanced investigation tool of the Wikimedia Foundation designed to combat disruptive behavior. Versions of Wikimedia CheckUser from 1.45.0 to 1.45.2 contained a vulnerability related to information leakage, which resulted in sensitive information being exposed to...

PT-2026-33204

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 Description An issue exists that allows the exposure of sensitive information to an unauthorized actor. Recommendations Update to version 1.45.2...

CVE-2025-61650

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from before...

CVE-2025-61649

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...

CVE-2025-61658

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from before 1.43.4, 1.44.1...

CVE-2025-61647

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4...