17 matches found
CVE-2026-7501
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-2018
A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-13300
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
EUVD-2025-29150
Malicious code in bioql PyPI...
EUVD-2024-49198
Malicious code in bioql PyPI...
EUVD-2024-49197
Malicious code in bioql PyPI...
CVE-2022-40347
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information...
CVE-2024-42918
itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME, EMAILADDRES, CONTACTNO, COMPANYNAME and COMPANYCONTACTNO parameters in controller.php...
CVE-2024-7342
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...
CVE-2024-6371
A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtypeid leads to sql injection. The attack may be...
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
CVE-2022-40348
Cross Site Scripting XSS vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...
CVE-2022-30058
Shopwind =v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php...
Sourcecodester E-Negosyo System Remote Code Execution Vulnerability
Sourcecodester E-Negosyo System is an open source online ordering system with SMS notifications. sourcecodester E-Negosyo System is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code via the "/admin/produts/controller. php" in the doInsert function...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-28409)
OpenEMR is a medical practice management software that also supports electronic medical records EMR. A cross-site scripting vulnerability in the patientid parameter in controller.php in OpenEMR 5.0.1 and earlier versions can be exploited by an attacker to execute arbitrary code in the context of ...
OIC Exponent CMS Information Disclosure Vulnerability
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An information disclosure...