51 matches found

CNNVD
added 2025/09/22 12:0 a.m. · 2 views

Campcodes Online Learning Management System Security Vulnerability

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter classname in the file...

9.8 CVSS · 7.7 AI score · 0.0006 EPSS
Exploits: 1 · References: 5

RedhatCVE
added 2025/09/03 6:36 p.m. · 3 views

CVE-2025-9788

A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminclass.php. Executing manipulation of the argument idno can lead to sql injection. The attack can be launched remotely. Th...

9.8 CVSS · 7.4 AI score · 0.00075 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/09/01 12:0 a.m. · 2 views

PT-2025-35501

Name of the Vulnerable Software and Affected Versions: SourceCodester/Campcodes School Log Management System version 1.0
Description: A SQL injection issue exists in an unknown functionality of the file /admin/admin class.php. Manipulation of the id no argument can lead to SQL injection and can b...

9.8 CVSS · 7.5 AI score · 0.00075 EPSS
Exploits: 1 · References: 9

CNVD
added 2025/06/27 12:0 a.m. · 1 view

Pre-School Enrollment System add-class.php File SQL Injection Vulnerability

Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...

8.8 CVSS · 8.2 AI score · 0.00197 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 3:0 a.m. · 3 views

CVE-2023-1666

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/viewclass.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...

9.8 CVSS · 8.2 AI score · 0.00297 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/14 12:0 a.m. · 3 views

PT-2025-16272 · Unknown · Sourcecodester Music Class Enrollment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Music Class Enrollment System version 1.0
Description: A critical vulnerability was found in the SourceCodester Music Class Enrollment System. The issue affects an unknown function of the file /manage class.php. The manipulatio...

9.8 CVSS · 8.1 AI score · 0.00098 EPSS
Exploits: 1 · References: 10

OSV
added 2024/11/14 6:15 p.m. · 2 views

CVE-2024-50824

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the classname parameter...

7.2 CVSS · 5.8 AI score
Exploits: 0 · References: 1

CNNVD
added 2024/10/11 12:0 a.m. · 2 views

OpenHIS Security Vulnerability

OpenHIS is a web-based hospital management application from China Xinzhi OpenHIS. A SQL injection vulnerability exists in OpenHIS v.1.0, which stems from a lack of validation of externally-entered SQL statements in the refund function of the PayController.class.php component. An attacker can...

9.8 CVSS · 8.2 AI score · 0.04224 EPSS
Exploits: 0 · References: 4

OSV
added 2024/09/18 9:15 p.m. · 2 views

CVE-2024-46377

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the savesettings function of the file rental/adminclass.php...

9.8 CVSS · 5.9 AI score · 0.221 EPSS
Exploits: 1 · References: 1

OSV
added 2024/09/18 9:15 p.m. · 1 view

CVE-2024-46374

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the deletecategory function of the file rental/adminclass.php...

9.8 CVSS · 5.8 AI score · 0.00329 EPSS
Exploits: 0 · References: 1

OSV
added 2024/06/20 4:15 p.m. · 1 view

CVE-2024-6196

A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file adminclass.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit h...

9.8 CVSS · 6.8 AI score · 0.00087 EPSS
Exploits: 1 · References: 4

OSV
added 2024/03/22 5:15 a.m. · 3 views

CVE-2024-29275

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php...

9.8 CVSS · 6.1 AI score · 0.67977 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/13 12:0 a.m. · 4 views

PT-2023-32771 · Sourcecodester · Sourcecodester Simple Student Attendance System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0
Description: A critical issue has been found in the save attendance function of the actions.class.php file. The manipulation of the sid argument leads to SQL injection...

9.8 CVSS · 8.3 AI score · 0.00155 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/08/01 12:0 a.m. · 3 views

PT-2023-26784 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.4
Description: The issue allows authenticated attackers to make arbitrary requests via injection of crafted URLs, exploiting a Server-Side Request Forgery (SSRF) vulnerability. This is achieved through the path b parameter i...

8.8 CVSS · 8.7 AI score · 0.78455 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/14 12:0 a.m. · 2 views

PT-2023-17434 · Unknown · Campcodes Video Sharing Website

Name of the Vulnerable Software and Affected Versions: Campcodes Video Sharing Website version 1.0
Description: A critical issue has been found, affecting the admin class.php file, where manipulation of the email argument leads to SQL injection. This can be initiated remotely.
Recommendations: Fo...

7.5 CVSS · 7.9 AI score · 0.00264 EPSS
Exploits: 1 · References: 4

Snyk
added 2022/05/14 1:36 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

6.1 CVSS · 5.5 AI score · 0.0024 EPSS
Exploits: 1 · References: 2

OSV
added 2021/11/08 9:15 p.m. · 1 view

CVE-2021-40261

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...

6.1 CVSS · 6.4 AI score
Exploits: 0 · References: 1

OSV
added 2021/10/21 8:15 p.m. · 3 views

CVE-2021-39357

The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affec...

4.8 CVSS · 5.8 AI score · 0.00653 EPSS
Exploits: 1 · References: 3

OSV
added 2021/10/14 3:15 p.m. · 2 views

CVE-2020-19962

A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39 allows attackers to execute arbitrary web scripts...

5.4 CVSS · 5.9 AI score
Exploits: 0 · References: 1

CNNVD
added 2021/05/25 12:0 a.m. · 1 view

NetWave System Information Disclosure Vulnerability

Mediatek Net NetWave System is an application system from Mediatek Net, China. System for Navy Fleet Management. An information disclosure vulnerability exists in NetWave System 1.0, which originates in index.class.php. The vulnerability allows an unauthenticated attacker to steal sensitive...

7.5 CVSS · 7.3 AI score · 0.00434 EPSS
Exploits: 0 · References: 2