PT-2025-38687
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A security issue exists in Campcodes Online Learning Management System. The manipulation of the subject code argument in the /admin/edit subject.php file leads to SQL...
MaxKB Code Issue Vulnerability
MaxKB is an open source knowledge base question-and-answer system from 1Panel-dev, based on large language models and RAG. A code issue vulnerability exists in MaxKB version 2.0.2 and earlier and version 2.1.0, which stems from the incorrect manipulation of the parameter code in the file...
itsourcecode Sports Management System Security Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...
CVE-2025-9531
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2025-9531 Portabilis i-Educar Agenda agenda.php sql injection
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...
UTCMS Security Vulnerability
UTCMS is a content management system built on the UT framework by the individual developer of usaltool. A security vulnerability exists in UTCMS version 9, which stems from an improper comparison of the code parameter in the file app/modules/ut-frame/admin/login.php...
itsourcecode Sports Management System Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sports.php. An attacker can exploit this vulnerabili...
CVE-2025-8982
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument currcode leads to sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-8982
The CVE affects itsourcecode Online Tour and Travel Management System 1.0, specifically the /admin/operations/currency.php file. The vulnerability arises from unsafely handling the curr_code parameter, enabling SQL injection. It is exploitable remotely, and public exploit disclosure exists. Multi...
Dairy Farm Shop Management System edit-category.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter categorycode in the file...
Tucows (VDP): Business Logic Error – Bypass of OTP Verification During Signup on hover.com
The Business Logic Error – Bypass of OTP Verification During Signup on hover.com was a vulnerability that allowed an attacker to register an account on www.hover.com using any email address without passing the required OTP verification. The vulnerability was caused by the ability to omit the code...
CVE-2025-7590
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode leads to sql injection. The attack may be initiated...
Simple Pizza Ordering System cashconfirm.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter transactioncode in the file /cashconfirm.php. The vulnerability can ...
CVE-2025-6305
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adminfeature.php. The manipulation of the argument productcode leads to sql injection. It is possible to initiate the attack remotely. The exploit...
code-projects Online Shoe Store Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter productcode in the file /admin/adminfeature.php. An attacker can exploit this...
CVE-2025-40656
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp...
CVE-2024-40536
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin3gcode parameter in the config3gpara function...
CVE-2023-2037
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...
CVE-2020-25875
A stored cross-site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...