PT-2025-39064
Name of the Vulnerable Software and Affected Versions: code-projects Hostel Management System version 1.0. Description: A flaw exists in code-projects Hostel Management System 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/justines/admin/mod...
CVE-2025-55734 flaskBlog Authorization Bypass
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2024-48448
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page...
CVE-2024-48448
CVE-2024-48448 affects Huly Platform v0.6.295. The vulnerability is an arbitrary file upload that enables code execution by uploading a crafted HTML file to the tracker comments page. The available documents consistently identify the affected version and the file-upload vector but do not provide ...
WooCommerce < 8.4.0 - Reflected Cross-Site Scripting
Description: The plugin does not properly sanitize user input provided via the add_query_arg function when it is echoed back into a JavaScript code context. http://vulnerable-site.tld/wp-admin/edit-comments.php?%27;alert1//...
PT-2022-27570 · Aerocms · Aerocms
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to access database information through a SQL Injection vulnerability. This vulnerability is exploited via the id parameter at the "admin/post comments.php" endpoint. Recommendation...
CVE-2020-10474
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
booksonline.com.ua XSS vulnerability
Open Bug Bounty ID: OBB-519929

| Description | Value |
|---|---|
| Affected Website: | booksonline.com.ua |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
digitalartinmotion.com XSS vulnerability
Open Bug Bounty ID: OBB-80028

| Description | Value |
|---|---|
| Affected Website: | digitalartinmotion.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
YABSoft Advanced Image Hosting Script SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: AIHS Advanced Image Hosting Script SQL Injection Vulnerability. Author: Robert Cooper (Robert.Cooper at areyousecure.net). Software Link: http://yabsoft.com/ Tested on: Linux/Windows 7. Vulnerable File: viewcomments.php. Vulnerable...
CVE-2008-7039
CVE-2008-7039 concerns Gelato CMS 0.95, where an XSS flaw exists in admin/comments.php via the comment content parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML when processing a comment, per the NVD description. The linked connected records corroborate t...
MeGaCheatZ 1.1 - Multiple SQL Injections
MeGaCheatZ 1.1 - Multiple SQL Injections. Http://www.inj3ct-it.org (Staff at inj3ct-it dot org)...
IwebNegar Comments.PHP Injection Vulnerability
IwebNegar is a PHP-based web application. IwebNegar does not properly filter user-submitted URI data, so a remote attacker can exploit this vulnerability to perform SQL injection and obtain sensitive information. The problem is that the 'Comments.PHP' script does not filter the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter value can change the original SQL logic, disclose sensitive information or manipulate the database. iWebNegar iWebNegar 1.1 http://iwebnegar.co.sr/ http://www.example.com/comments.php?id=SQL Query...