39 matches found

CVE
added 2025/08/13 12:0 a.m. | 10 views

CVE-2025-45315

CVE-2025-45315 describes an XSS vulnerability in hortusfox-web v4.4 via the /controller/admin.php endpoint, exploitable by injecting a crafted payload into the email parameter to execute JavaScript in a user’s browser. The underlying cause is misuse/insufficient sanitization of the email input, e...

CVSS 5.4 | AI score 6 | EPSS 0.00097
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2025/05/23 12:0 a.m. | 1 view

emlog Security Vulnerability

emlog is an open-source CMS site-building system based on PHP and MySQL. A security vulnerability exists in version 2.5.11 of emlog, which stems from incorrect handling of the tag parameter in the file /include/controller/apicontroller.php, leading to SQL injection...

CVSS 9.8 | AI score 7.6 | EPSS 0.00223
Exploits: 1 | References: 5

CNNVD
added 2025/02/21 12:0 a.m. | 2 views

MRCMS Security Vulnerability

MRCMS is a content management system by the individual developer marker. A security vulnerability exists in MRCMS version v3.1.2, which stems from the /controller/UserController.java module containing an elevation of privilege vulnerability...

CVSS 4.8 | AI score 7 | EPSS 0.00093
Exploits: 1 | References: 2

OSV
added 2024/08/26 3:15 p.m. | 0 views

CVE-2024-42789

A Reflected Cross-Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter...

CVSS 6.3 | AI score 6.1 | EPSS 0.00342
Exploits: 1 | References: 2

OSV
added 2024/08/22 6:15 p.m. | 0 views

CVE-2024-42773

An Incorrect Access Control vulnerability was found in /admin/editroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section...

CVSS 9.1 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2024/08/06 11:16 a.m. | 0 views

CVE-2024-33957

SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter...

CVSS 7.5 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1

CNNVD
added 2024/08/06 12:0 a.m. | 1 view

PayPal,Credit Card and Debit Card Payment SQL Injection Vulnerability

PayPal,Credit Card and Debit Card Payment is PayPal, credit card and debit card payment software by the individual developer janobe. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...

CVSS 9.8 | AI score 7.5 | EPSS 0.00175
Exploits: 0 | References: 2

CNNVD
added 2024/03/20 12:0 a.m. | 2 views

Campcodes Online Job Finder System SQL Injection Vulnerability

Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a SQL injection vulnerability in the CATEGORYID parameter of the /admin/category/controller.p...

CVSS 6.5 | AI score 7.9 | EPSS 0.00046
Exploits: 1 | References: 4

CNNVD
added 2024/03/20 12:0 a.m. | 2 views

Campcodes Online Job Finder System SQL Injection Vulnerability

Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which originates from a SQL injection vulnerability in the EMPLOYEEID parameter of the /admin/employee/controller.p...

CVSS 6.5 | AI score 7.9 | EPSS 0.00046
Exploits: 1 | References: 4

CNNVD
added 2023/08/23 12:0 a.m. | 2 views

MISP Cross-Site Scripting Vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.174, which stems from the presence of...

CVSS 6.1 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 3

CNNVD
added 2022/12/12 12:0 a.m. | 0 views

SENS Cross-Site Scripting Vulnerability

SENS is an enterprise blog system by the individual developer saysky. A cross-site scripting vulnerability exists in SENS v1.0, which originates from a cross-site scripting (XSS) attack on com.liuyanzhao.sens.web.controller.admin, getRegister...

CVSS 5.4 | AI score 5.3 | EPSS 0.00295
Exploits: 1 | References: 2

OSV
added 2022/09/09 3:15 p.m. | 0 views

CVE-2022-37299

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2022/04/28 3:15 p.m. | 0 views

CVE-2022-28114

DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php...

CVSS 9.1 | AI score 6 | EPSS 0.00346
Exploits: 1 | References: 2

CNNVD
added 2022/04/28 12:0 a.m. | 1 view

DESHANG DSCMS Security Vulnerability

DESHANG DSCMS is a PHP- and MySQL-based CMS enterprise website builder from Deshang, China. A security vulnerability exists in DSCMS v3.0, which was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php...

CVSS 9.1 | AI score 8.4 | EPSS 0.00346
Exploits: 1 | References: 2

OSV
added 2022/03/28 1:15 a.m. | 1 view

CVE-2022-26268

Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2022/03/27 12:0 a.m. | 1 view

xiaohuanxiong CMS SQL Injection Vulnerability

xiaohuanxiong is an open-source comic CMS by the individual developer guoguo. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability information is available...

CVSS 9.8 | AI score 5.8 | EPSS 0.00245
Exploits: 1 | References: 3

CNNVD
added 2022/01/27 12:0 a.m. | 2 views

CSZ CMS SQL Injection Vulnerability

CSZ CMS is a PHP-based open-source content management system (CMS). A SQL injection vulnerability exists in CSZ CMS 1.2.9, which can be exploited by attackers via cszcms/controllers/Member.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00245
Exploits: 1 | References: 2

RedHat Linux
added 2020/04/22 2:10 p.m. | 1 view

ansible: path injection on dest parameter in fetch module

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node...

CVSS 4.6 | AI score 7.2 | EPSS 0.00138
Exploits: 1 | References: 4

RedHat Linux
added 2017/03/16 9:9 p.m. | 3 views

Dashbuilder: Reflected XSS

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

CVSS 6.1 | AI score 6.1 | EPSS 0.00365
Exploits: 0 | References: 4