SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...

UBUNTU-CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

CVE-2026-7293

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVE-2026-7283 SourceCodester Pharmacy Sales and Inventory System ajax.php save_expired sql injection

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-7265

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-7267

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /viewprod.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-7267

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-7266 SourceCodester Pizzafy Ecommerce System ajax.php save_order sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...

CVE-2026-7266

SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the admin/ajax.php?action=save_order function via the ID parameter. The vulnerability can be exploited remotely and publicly; exploitation is noted as PROOF-OF-CONCEPT. Impact is described as low for confidentiality, in...

CVE-2026-7265 SourceCodester Pizzafy Ecommerce System index.php category sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-7265

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

EUVD-2026-26031

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-7264 SourceCodester Pizzafy Ecommerce System ajax.php get_cart_items sql injection

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function getcartitems of the file /admin/ajax.php?action=getcartitems. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

EUVD-2026-26027

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function getcartitems of the file /admin/ajax.php?action=getcartitems. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been ma...

CVE-2026-40978

Summary: CVE-2026-40978 is a SQL injection vulnerability in Spring AI’s CosmosDBVectorStore. Affected versions: Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). Issue: Attackers can trigger arbitrary SQL queries via crafted document IDs, enabling high-severity impact as pe...

EUVD-2026-25997

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVE-2026-7229

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVE-2026-7229 code-projects Coaching Management System POST reply.php sql injection

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the...

CVE-2026-7228

CVE-2026-7228 affects SourceCodester Pizzafy Ecommerce System 1.0. The vulnerable component is the function get_cart_count in /admin/ajax.php?action=get_cart_count, where an manipulated ID parameter enables a SQL injection. The issue is exploitable remotely, with a PoC/exploit published and avail...

CVE-2026-7227 SourceCodester Pizzafy Ecommerce System ajax.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...