31 matches found
CVE-2025-6320 PHPGurukul Pre-School Enrollment System add-class.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to SQL injection. It is possible to launch the attack remotely. The explo...
CVE-2025-3168 PHPGurukul Time Table Generator System edit-class.php sql injection
A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to SQL injection. The attack can be launched...
CVE-2025-3168
CVE-2025-3168 affects PHPGurukul Time Table Generator System 1.0. The vulnerability is an SQL injection in an unknown function of /admin/edit-class.php, triggered by manipulating the editid parameter. It is exploitable remotely over the network, and the exploit has been disclosed publicly. Connected s...
PT-2025-14779 · Unknown · Phpgurukul Time Table Generator System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Time Table Generator System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /admin/edit-class.php. The manipulation of the editid argument leads to SQL injection. This...
CVE-2024-13693
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may include sensitive...
PT-2024-4404 · Itsourcecode · Itsourcecode Banking Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Banking Management System version 1.0 Description: A critical issue was found in the Banking Management System, affecting an unknown functionality of the file admin class.php. The manipulation of the username argument leads to SQ...
PT-2024-22846 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.9 Description: The issue allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. This enables attackers to potentially access and manipulate...
PT-2024-18963 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best POS Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file admin class.php. The manipulation of the img argument leads to SQL injection. It is possibl...
PT-2024-15234 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DeDeCMS versions up to 5.7.112 Description: A critical vulnerability has been found in DeDeCMS, affecting an unknown function of the file file class.php in the Backend component. This vulnerability leads to unrestricted upload and can be...
Cross-site Scripting (XSS)
moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied input for field.class.php and helper.php which allows a remote attacker to inject and execute malicious JavaScript into the system...
CASAP Automated Enrollment Cross-Site Scripting Vulnerability (CNVD-2021-57787)
CASAP Automated Enrollment is an automated enrollment system from the CASAP organization. The goal of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easily retrievable. SourceCodester CASAP Automated...
CVE-2021-27823
An information disclosure vulnerability was discovered in /index.class.php via port 8181 on NetWave System 1.0 which allows unauthenticated attackers to exfiltrate sensitive information from the system...
SQL Injection Vulnerability in Thunderwind Movie CMS Pl***.class.php
Thunderwind Movie CMS is a PHP-based film and television content management program built on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. Thunderwind Movie CMS Pl.class.php contains an SQL injection vulnerability; attackers can use the vulnerability to obtain...
Design/Logic Flaw
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code...
own-lingerie.com XSS vulnerability
Vulnerable URL: http://own-lingerie.com/class.php?id=13'"143

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No

Coordinated Disclosure...
atopclass.com XSS vulnerability
Vulnerable URL: http://atopclass.com/class.php?id=13'"171

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 1038408
VIP website status: | No

Coordinated Disclosure Timeline:

Description | Value
---|---
Vulnerability...
CVE-2017-9306
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
Design/Logic Flaw
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "svg/onload=" substring instead of an "svg onload=" substring...
WeiPHP Addons/WishCard/Controller/WapController.class.php SQL injection
No description provided by source...