14 matches found
CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...
Admidio 安全漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...
CVE-2025-41008
CVE-2025-41008 affects Sinturno via SQL injection in the /_adm/scripts/modalReport_data.php endpoint, using the 'client' parameter. The vulnerability allows an attacker to retrieve, create, update, and delete databases, with network attack vector, low attack complexity, and no privileges required...
EUVD-2018-8090
Malware in sbrugna...
CVE-2025-2951
A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...
CVE-2024-10746
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdata.php. The manipulation of the argument scripts leads to cross site scripting. It is...
PHPGurukul Online Shopping Portal 安全漏洞
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of file...
Inventory Management System SQL注入漏洞
Inventory Management System is an inventory management system by the individual developer of stemword. Inventory Management System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter columns0data in the file staffdata.php, which can lead to sql injection...
Inventory Management System 跨站脚本漏洞
Inventory Management System is an inventory management system by stemword individual developers. A cross-site scripting vulnerability exists in SourceCodester Inventory Management System version 1.0, which stems from the parameter name/company in the file suppliardata.php that causes cross-site...
PT-2023-28204 · Sourcecodester · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue was found in the SourceCodester Inventory Management System, affecting the file catagory data.php. The manipulation of the columns1data argument leads to SQL...
Tongda2000 SQL注入漏洞
A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...
CVE-2019-7748
includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if users/admin/tasks.php exists...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...