13 matches found

Positive Technologies
added 2026/04/07 12:00 a.m. · 3 views

PT-2026-30957

ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

8.7 CVSS · 6 AI score · 0.00038 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/03/16 7:19 p.m. · 0 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Versions 1.11.34 and prior contain a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS · 6 AI score · 0.00043 EPSS
Exploits 0 · References 2

OSV
added 2024/11/14 6:15 p.m. · 1 view

CVE-2024-50830

A SQL Injection vulnerability was found in /admin/calendarofevents.php in kashipara E-learning Management System Project 1.0 via the datestart, dateend, and title parameters...

7.2 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2024/11/14 12:00 a.m. · 1 view

Kashipara E-learning Management System Cross-Site Scripting Vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows a remote attacker to execute arbitrary...

5.4 CVSS · 6.5 AI score · 0.00485 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/14 12:00 a.m. · 3 views

PT-2024-34428 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/calendar of events.php page of the kashipara E-learning Management System Project. The vulnerability is exploitable via the...

7.2 CVSS · 7.8 AI score · 0.00144 EPSS
Exploits 1 · References 5

CNNVD
added 2024/11/14 12:00 a.m. · 1 view

Kashipara E-learning Management System Security Vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which originates from an SQL injection in the parameters datestart, dateend, and title...

7.2 CVSS · 7.8 AI score · 0.00144 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/14 12:00 a.m. · 2 views

PT-2024-34440 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the /admin/calendar of events.php endpoint, allowing remote attackers to execute arbitrary scripts via the date start...

5.4 CVSS · 6.1 AI score · 0.00485 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/01/16 12:00 a.m. · 1 view

PT-2024-19507 · Unknown · Budget/Expense Tracker System

Name of the Vulnerable Software and Affected Versions: Budget and Expense Tracker System version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/expense budget/admin/?page=reports/budget&date start=2023-12-28&date end=" endpoint. The date start and date end...

7.2 CVSS · 6.9 AI score · 0.00097 EPSS
Exploits 1 · References 4

OSV
added 2023/04/15 1:15 p.m. · 0 views

CVE-2023-2100

A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument dateend leads to cross site scripting. The attack can be initiated remotely. T...

6.1 CVSS · 3.8 AI score
Exploits 0 · References 3

Positive Technologies
added 2023/04/15 12:00 a.m. · 1 view

PT-2023-17789

Name of the Vulnerable Software and Affected Versions: SourceCodester Vehicle Service Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Vehicle Service Management System. This issue affects the file /admin/report/index.php and is triggered by the...

6.1 CVSS · 4.8 AI score · 0.00245 EPSS
Exploits 1 · References 7

CNNVD
added 2023/04/15 12:00 a.m. · 1 view

Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability

Sourcecodester Vehicle Service Management System is an open source PHP project, a simple web application for automotive repair/service stores or businesses. A cross-site scripting vulnerability exists in SourceCodester Vehicle Service Management System version 1.0, which originates from unknown...

6.1 CVSS · 4.7 AI score · 0.00245 EPSS
Exploits 1 · References 4

CNNVD
added 2023/04/08 12:00 a.m. · 0 views

Online Computer and Laptop Store SQL Injection Vulnerability

Online Computer and Laptop Store is an online computer and laptop store application from individual developer Carlo Montero. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of externally entered SQL statements in the parameter...

8.8 CVSS · 7.9 AI score · 0.00346 EPSS
Exploits 1 · References 4

exploitpack
added 2012/08/02 12:00 a.m. · 11 views

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...

0.5 AI score
Exploits 0