277 matches found
PT-2026-7023
Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A security flaw exists in itsourcecode School Management System 1.0. The issue involves SQL injection stemming from the manipulation of the ID argument within an unknown function of...
CVE-2026-2018
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2026-2018 itsourcecode School Management System controller.php sql injection
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2026-2011 itsourcecode Student Management System controller.php sql injection
A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public...
Ziroom ZHOME A0101 命令注入漏洞
Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a command injection vulnerability. This vulnerability stems from the improper handling of the parameter “macType” in the “macAddrClone” function within the file...
CVE-2026-1551 itsourcecode School Management System controller.php sql injection
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-1551
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2025-15084
A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...
CVE-2025-56107
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submitwifi in file /usr/lib/lua/luci/controller/admin/commonquickconfig.lua...
EUVD-2025-202723
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...
CVE-2025-56127
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the getwanobj in file /usr/lib/lua/luci/controller/admin/common.lua...
Ruijie RG-BCR 安全漏洞
Ruijie RG-BCR is a series of cloud routers from China Ruijie Ruijie. A security vulnerability exists in the Ruijie RG-BCR RG-BCR860 version, which stems from improper handling of a specially crafted POST request for networksetwanconf in the file /usr/lib/lua/luci/controller/admin/netport.lua, whi...
CVE-2025-56111
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the networksetwanconf in file /usr/lib/lua/luci/controller/admin/netport.lua...
CVE-2025-67637
CVE-2025-67637 affects Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier. The issue is that build authorization tokens are stored unencrypted in job config.xml on the Jenkins controller, making them viewable by users with Item/Extended Read permission or with access to the controller filesys...
Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...
Web-Based Internet Laboratory Management System controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. The Web-Based Internet Laboratory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file /course/controller.php. An attacker...
Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...
CVE-2025-13301
A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-13299
A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing a manipulation can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2025-13301 itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has...