Lucene search

14 matches found

NVD
added 2026/05/07 4:16 a.m. · 15 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

CVSS 4.9 · EPSS 0.00322
Exploits 0 · References 2
CNNVD
added 2026/05/07 12:00 a.m. · 12 views

Admidio Security Vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...

CVSS 4.9 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 1
CVE
added 2026/03/23 12:59 p.m. · 17 views

CVE-2025-41008

CVE-2025-41008 affects Sinturno via SQL injection in the /_adm/scripts/modalReport_data.php endpoint, using the 'client' parameter. The vulnerability allows an attacker to retrieve, create, update, and delete databases, with network attack vector, low attack complexity, and no privileges required...

CVSS 9.3 · AI score 5.9 · EPSS 0.00249
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-8090

Malware in sbrugna...

CVSS 7.2 · AI score 7 · EPSS 0.02155
Exploits 1 · References 2
OSV
added 2025/03/30 12:15 p.m. · 3 views

CVE-2025-2951

A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

CVSS 9.8 · AI score 6.5 · EPSS 0.00449
Exploits 1 · References 4
OSV
added 2024/11/04 12:15 a.m. · 2 views

CVE-2024-10746

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdata.php. The manipulation of the argument scripts leads to cross site scripting. It is...

CVSS 6.1 · AI score 3.9 · EPSS 0.00367
Exploits 1 · References 5
CNNVD
added 2024/11/04 12:00 a.m. · 3 views

PHPGurukul Online Shopping Portal Security Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...

CVSS 6.1 · AI score 6 · EPSS 0.00367
Exploits 1 · References 5
CNNVD
added 2023/08/27 12:00 a.m. · 4 views

Inventory Management System SQL Injection Vulnerability

Inventory Management System is an inventory management system by the individual developer of stemword. Inventory Management System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter columns0data in the file staffdata.php, which can lead to sql injection...

CVSS 9.8 · AI score 7.1 · EPSS 0.00649
Exploits 1 · References 4
CNNVD
added 2023/08/27 12:00 a.m. · 4 views

Inventory Management System Cross-Site Scripting Vulnerability

Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from the parameter name/company in the file suppliardata.php that causes cross-site...

CVSS 6.1 · AI score 4.1 · EPSS 0.0043
Exploits 0 · References 4
Positive Technologies
added 2023/08/07 12:00 a.m. · 5 views

PT-2023-28204 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0. Description: A critical issue was found in the SourceCodester Inventory Management System, affecting the file catagory data.php. The manipulation of the columns1data argument leads to SQL...

CVSS 7.5 · AI score 7.8 · EPSS 0.00533
Exploits 1 · References 5
CNNVD
added 2022/02/14 12:00 a.m. · 4 views

Tongda2000 SQL Injection Vulnerability

A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...

CVSS 9.8 · AI score 5.9 · EPSS 0.01194
Exploits 1 · References 2
OSV
added 2019/02/11 9:29 p.m. · 3 views

CVE-2019-7748

includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if users/admin/tasks.php exists...

CVSS 6.1 · AI score 5.8 · EPSS 0.00865
Exploits 1 · References 1
Friends Of PHP
added 1970/01/01 12:00 a.m. · 13 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability. Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

CVSS 9.8 · AI score 9.7 · EPSS 0.06195
Exploits 1 · Affected Software 1
Friends Of PHP
added 1970/01/01 12:00 a.m. · 59 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability. Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

CVSS 9.8 · AI score 9.7 · EPSS 0.06195
Exploits 1 · Affected Software 1