EUVD-2022-55990

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

CVE-2026-2431

CVE-2026-2431 affects the CM Custom Reports plugin for WordPress. All versions up to and including 1.2.7 are vulnerable due to insufficient input sanitization and output escaping on the date_from/date_to parameters, enabling a reflected Cross-Site Scripting (XSS) attack. This allows unauthenticat...

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter datefrom/dateto in the...

CVE-2023-29985

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.phpdatefrom has a SQL Injection vulnerability...

PT-2023-22504 · Unknown · Sourcecodester Student Study Center Desk Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Student Study Center Desk Management System version 1.0 Description: The issue is related to a SQL Injection vulnerability. It affects the adminreportsindex.php endpoint, specifically the date from parameter. Recommendations: F...

Student Study Center Desk Management System SQL注入漏洞

Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in SourceCodester Student Study Center Desk Management System version 1.0, which originates from a security issue in the admin/?page=reports&datefrom=2023-02-17& of t...