Brocade SANnav Security Vulnerability
Brocade SANnav is a storage area network management software developed by the American company Brocade. Versions of Brocade SANnav prior to 2.4.0a contained security vulnerabilities. These vulnerabilities stemmed from improper logging in the update-reports-purge-settings.sh script, which could le...
GUnet OpenEclass SQL Injection Vulnerability
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection points in the agenda module and other endpoints, which could allow authenticated...
GUnet OpenEclass Access Control Error Vulnerability
GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains an access control vulnerability. This vulnerability stems from the default inclusion of phpMyAdmin 2.10.0.2, which may allow attackers to obtain MySQL passwords and ga...
Shandong Kede Smart Water Meter Monitoring Platform Security Vulnerability
Shandong Kede Smart Water Meter Monitoring Platform is an intelligent water meter monitoring platform developed by Shandong Kede Corporation. Version v.1.0 of the Shandong Kede Smart Water Meter Monitoring Platform contains a security vulnerability. This vulnerability stems from an SQL injection...
PHP Address Book SQL Injection Vulnerability
PHP Address Book is a web-based contact management system developed by chatelao. Version 9.0.0.1 of PHP Address Book has a SQL injection vulnerability. This vulnerability stems from a time-based blind SQL injection in the photo.php endpoint. Attackers can extract information by injecting speciall...
Arox School ERP Pro SQL Injection Vulnerability
Arox School ERP Pro is a one-stop automation management platform offered by Arox Corporation. Version 1.0 of School ERP Pro has a SQL injection vulnerability. This vulnerability stems from the esmessagesid parameter, which allows attackers to inject custom SQL statements through GET requests. As ...
PT-2026-5833
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via a direct request to the /script/.env file. The exposed file contains the Laravel application encryption key APP_KEY, database credentials, SMTP/SendGrid API...
PT-2026-5986
Name of the Vulnerable Software and Affected Versions: chetans9 core-php-admin-panel through commit a94a780d6. Description: The application does not call exit after sending an HTTP redirect via header('Location:login.php') when a user is not authenticated. This allows remote unauthenticated attackers to...
PT-2026-5968
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.8. Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection issue exists in version 2.9.8 and earlier when handling the get_sedi operation through the /ajax...
PT-2026-5966
Name of the Vulnerable Software and Affected Versions: ExpressTech Systems Quiz And Survey Master versions through 10.3.1. Description: A flaw exists in ExpressTech Systems Quiz And Survey Master that allows for SQL Injection. The issue impacts approximately 40,000 WordPress sites globally. A...
PT-2026-6290
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...
PT-2026-5857
Name of the Vulnerable Software and Affected Versions: GUnet OpenEclass version 1.7.3. Description: The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...
CVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...
CVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via header('Location:login.php') when a user is not authenticated but fails to call exit afterward. This allows remote...
CVE-2025-69981
FUXA v1.2.7 has an Unrestricted File Upload issue at the /api/upload endpoint. The endpoint lacks authentication, allowing unauthenticated remote attackers to upload arbitrary files. This can enable overwriting critical system files such as the SQLite user database an...
PT-2026-6494
Summary: A SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept. Vulnerable Code. File:...
EUVD-2025-206714
JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...
PT-2026-5987
Name of the Vulnerable Software and Affected Versions: Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2. Description: The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...