CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2021-47947

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...

SUSE CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

CVE-2025-1856

A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/geninvoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

CVE-2025-1206

A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

Codezips Gym Management System 注入漏洞

Codezips Gym Management System is an open source gym management system from Codezips. An injection vulnerability exists in Codezips Gym Management System version 1.0, which originates from an SQL injection vulnerability contained in the id parameter of /dashboard/admin/viewdetailroutine.php...

PT-2025-6848 · Unknown · Codezips Gym Management System

Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical issue has been found in the Codezips Gym Management System, affecting an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the id argument...

Codezips Gym Management System 注入漏洞

Codezips Gym Management System is an open source gym management system from Codezips. An injection vulnerability exists in Codezips Gym Management System version 1.0, which stems from the parameter name in the file /dashboard/admin/editmember.php that can lead to SQL injection...