56 matches found
CVE-2026-13228
The vulnerability CVE-2026-13228 affects the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). An Insecure Direct Object Reference (IDOR) in OsOrdersController.create_or_update enables an authenticated Agent (low privileges) to specify an arbitrary order[customer_id] an...
CVE-2026-13228 LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...
EUVD-2026-26789
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfmdeletewcfmcustomer' due to missing validation on the 'customerid' user...
CVE-2026-6151 code-projects Vehicle Showroom Management System PaymentStatusFunction.php sql injection
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2026-6151 code-projects Vehicle Showroom Management System PaymentStatusFunction.php sql injection
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2026-6151
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2026-6151
CVE-2026-6151 affects the code-projects Vehicle Showroom Management System 1.0. The vulnerability exists in /util/PaymentStatusFunction.php where manipulating the argument CUSTOMER_ID leads to SQL injection. The issue can be exploited remotely and the exploit is public. No remediation details are...
CVE-2026-5157
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...
CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...
CVE-2026-5157 code-projects Online Food Ordering System Order order.php cross site scripting
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument custid leads to cross site scripting. The attack may be performed from remote. The exploit ...
CVE-2026-5157
CVE-2026-5157 affects code-projects Online Food Ordering System 1.0, specifically the Order Module’s /form/order.php. The vulnerability arises from manipulating the cust_id argument, enabling cross-site scripting (XSS). Exploitation can be performed remotely, and a public exploit is available. Do...
CVE-2026-5034
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...
PT-2026-29144
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...
Code-Projects Accounting System SQL注入漏洞
Code-Projects Accounting System is an accounting system developed by Code-Projects as open source. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the cosid parameter in the file/viewcostumer.php, which may lead ...
EUVD-2014-4880
Malware in sbrugna...
MAL-2025-41471 Malicious code in @twork-data-services/communication-api-v4-communication-customer-id (npm)
--- -= Per source details. Do not edit below this line.=-...
CampCodes Complaint Management System 注入漏洞
CampCodes Complaint Management System is a complaint management system from CampCodes Philippines. Campcodes Complaint Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameter cid in the file /users/complaint-details.php, which could...
DaaS - Change master image it fails with "ProvisioningTaskError"
Unable to update DaaS Machine Catalog - Access Machine Catalog "Change master image" it fails with "ProvisioningTaskError" ErrorMessage - HandleExplicitStorage Failed Error retrieving item from path ""...
CVE-2025-4719
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/cashtransaction.php. The manipulation of the argument cid leads to sql injection. The attack may be launched remotely. The...
CampCodes Sales and Inventory System 注入漏洞
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter cid in the file /pages/accountsummary.php...