12 matches found
CVE-2025-69564
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...
CVE-2025-13586 SourceCodester Online Student Clearance System changepassword.php sql injection
A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirmpassword causes sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-10322 Wavlink WL-WN578W2 sysinit.html password recovery
A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit has been disclosed ...
CVE-2025-40734
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
Code-Projects Daily Expense Manager Cross-Site Scripting Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters password and confirmpassword in the file /register.php, which ca...
Chat System confirm_password.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /user/confirmpassword.php. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2025-5881
A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirmpassword.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-5881 code-projects Chat System confirm_password.php sql injection
A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirmpassword.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been...
Code-Projects Chat System Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /user/confirmpassword.php. An attacker can exploit this vulnerability to execute illegal SQL...
Vimeo: Full account takeover via Add a New Email to account without email verified and without password confirmation.
Description: This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals. Bug: Add a New Email to account without email verified and without password confirmation when the leaves open email, Leading to the theft of account In less...
Grestul 1.2 Add Administrator
Grestul 1.2 Remote add admin exploit. Founder: ThE g0bL!N. Home: http:/www.4ckx.com/dz/. Vendor: http://grestul.com/. Note: Algerie 3-1 Egypt. Code: Username: New Password: Confirm Password:...
Document Library 1.0.1 - Arbitrary Change Admin
Author: ByALBAYX. Website: WWW.C4TEAM.ORG. Country: Turkish. Script: Document Library Version 1.0.1. S.Site...