20 matches found

RedhatCVE
added 2026/06/05 7:32 p.m., 11 views

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5 CVSS, 7.1 AI score, 0.00259 EPSS
Exploits: 0, References: 1

NVD
added 2026/04/29 4:16 p.m., 5 views

CVE-2026-7390

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

5.1 CVSS, 0.00195 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/29 12:0 a.m., 8 views

SourceCodester Pharmacy Sales and Inventory System cross-site scripting vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a cross-site scripting vulnerability. This vulnerability arises from...

5.1 CVSS, 5.6 AI score, 0.00195 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/29 12:0 a.m., 2 views

PT-2026-35954

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

5.1 CVSS, 3.6 AI score, 0.00195 EPSS
Exploits: 0, References: 6

EUVD
added 2026/04/10 9:31 a.m., 1 view

EUVD-2026-21352

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5 CVSS, 6.9 AI score, 0.00259 EPSS
Exploits: 0, References: 6

NVD
added 2026/04/10 9:16 a.m., 1 view

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5 CVSS, 0.00259 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/04/10 8:45 a.m., 2 views

CVE-2026-6038 code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5 CVSS, 6.9 AI score, 0.00259 EPSS
Exploits: 0, References: 5

CVE
added 2026/04/10 8:45 a.m., 9 views

CVE-2026-6038

The CVE affects code-projects Vehicle Showroom Management System 1.0. A SQL injection vulnerability exists in /util/RegisterCustomerFunction.php triggered by manipulating BRANCH_ID. The attack can be performed remotely and a public exploit is available.

7.5 CVSS, 6.9 AI score, 0.00259 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/04/10 8:45 a.m., 30 views

CVE-2026-6038 code-projects Vehicle Showroom Management System RegisterCustomerFunction.php sql injection

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5 CVSS, 0.00259 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/10 12:0 a.m., 4 views

Code-Projects Vehicle Showroom Management System SQL injection vulnerability

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling...

7.5 CVSS, 7.2 AI score, 0.00259 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/04/10 12:0 a.m., 2 views

PT-2026-31903

Name of the Vulnerable Software and Affected Versions: code-projects Vehicle Showroom Management System version 1.0

Description: A flaw exists in code-projects Vehicle Showroom Management System 1.0, specifically within the /util/RegisterCustomerFunction.php file. Manipulation of the BRANCH ID...

7.5 CVSS, 7.1 AI score, 0.00259 EPSS
Exploits: 0, References: 9

Cvelist
added 2025/09/14 10:32 p.m., 11 views

CVE-2025-10414 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savecustomer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit...

7.5 CVSS, 0.00383 EPSS
Exploits: 1, References: 5

OSV
added 2024/04/04 9:15 a.m., 6 views

CVE-2023-36645

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...

9.8 CVSS, 5.8 AI score, 0.00872 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2024/04/04 9:15 a.m., 7 views

CVE-2023-36645

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...

9.8 CVSS, 5.9 AI score, 0.00872 EPSS
Exploits: 1, References: 2

NVD
added 2024/04/04 9:15 a.m., 13 views

CVE-2023-36645

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...

9.8 CVSS, 9.5 AI score, 0.00872 EPSS
Exploits: 1, References: 1

CNNVD
added 2024/04/04 12:0 a.m., 2 views

ITB-GmbH TradePro security vulnerability

ITB-GmbH TradePro is a complete B2B e-shop from ITB-GmbH. A security vulnerability exists in ITB-GmbH TradePro version v9.5, which stems from incorrect access control. A remote attacker uses the vulnerability to receive all orders from the online store via the oordershow component in the customer...

7.5 CVSS, 6.8 AI score, 0.00659 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2024/04/04 12:0 a.m., 14 views

CVE-2023-36645

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...

9.1 CVSS, 9.5 AI score, 0.00872 EPSS
Exploits: 1, References: 1

CVE
added 2024/04/04 12:0 a.m., 57 views

CVE-2023-36645

The CVE-2023-36645 entry concerns ITB-GmbH TradePro v9.5 with a SQL injection via the oordershow component in the customer function. Connected PT-2024-12574 details show the root cause as an access-control weakness allowing remote exploitation to execute SQL queries. Affects ITB-GmbH TradePro 9.5...

9.8 CVSS, 9.4 AI score, 0.00872 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/04/04 12:0 a.m., 19 views

CVE-2023-36645

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function...

9.1 CVSS, 9.7 AI score, 0.00872 EPSS
Exploits: 1, References: 1

Hacker One
added 2019/11/05 2:7 a.m., 87 views

Shopify: Stored XSS in private message

1. Open customer function https://mosuan-img-src-x.myshopify.com/admin/customers
2. Click on the customer's email address F625957
3. Click the sent message on the current page F625959

Impact admin...

0.8 AI score
Exploits: 0