CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-7550 SourceCodester Pharmacy Sales and Inventory System ajax.php save_customer sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-7550

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

PT-2026-36296

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description A remote SQL injection flaw exists in the '/ajax.php?action=delete customer' endpoint. This issue occurs when the ID argument is manipulated, allowing an attacker to...

PT-2026-36297

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description An issue exists in the '/ajax.php?action=save customer' endpoint where manipulation of the ID argument allows for SQL injection, a technique used to interfere with the...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the fact that, under limited visibility, the...

CVE-2025-52204

A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter...

CVE-2025-52204

A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter...

CVE-2025-52204

A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter...

PT-2026-27200

A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter...

CVE-2026-2850

The CVE-2026-2850 entry concerns the YeQifu Warehouse project, affecting the Customer Endpoint component (dataset/repos/warehouse/src/main/java/com/yeqifu/bus/controller/CustomerController.java). The vulnerability arises from improper access controls in the addCustomer, updateCustomer, and delete...

CVE-2026-2850

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...

CVE-2026-2850 yeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access control

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...

CVE-2026-2850 yeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access control

A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an access control vulnerability in Warehouse. This vulnerability stems from improper access control issues in the functions addCustomer, updateCustomer, and...

PT-2025-44774

Name of the Vulnerable Software and Affected Versions Water Management System version 1.0 Description Water Management System version 1.0 is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /add customer.php endpoint. The vulnerability allows attackers to inject...

Neptune Rubikon Banking Solution 安全漏洞

Neptune Rubikon Banking Solution is a banking services platform from Neptune UK. A security vulnerability exists in Neptune Rubikon Banking Solution version 4.0.3, which originates from the presence of reflective cross-site scripting in the Search For Customers Information endpoint...

CVE-2025-10414

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savecustomer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit...

PT-2024-39974 · Code Projects · Code-Projects Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue has been discovered, affecting the file /php/manage customer.php. The manipulation of the text argument leads to SQL injection. This issue can be exploited...