CVE-2026-39333

ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

PT-2026-30957

ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

CVE-2025-11555

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendarofevents.php. The manipulation of the argument datestart results in sql injection. The attack may be launched remotely. The exploit is now public and may be use...

CVE-2025-11555 Campcodes Online Learning Management System calendar_of_events.php sql injection

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendarofevents.php. The manipulation of the argument datestart results in sql injection. The attack may be launched remotely. The exploit is now public and may be use...

CampCodes Online Learning Management System 安全漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter datestart in the file...

CVE-2024-50830

A SQL Injection vulnerability was found in /admin/calendarofevents.php in kashipara E-learning Management System Project 1.0 via the datestart, dateend, and title parameters...

Kashipara E-learning Management System 跨站脚本漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows a remote attacker to execute arbitrary...

PT-2024-34428 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/calendar of events.php page of the kashipara E-learning Management System Project. The vulnerability is exploitable via the...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which originates from an SQL injection in the parameters datestart, dateend, and title...

PT-2024-34440 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /admin/calendar of events.php endpoint, allowing remote attackers to execute arbitrary scripts via the date start...

PT-2024-19507 · Unknown · Budget/Expense Tracker System

Name of the Vulnerable Software and Affected Versions: Budget and Expense Tracker System version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/expense budget/admin/?page=reports/budget&date start=2023-12-28&date end=" endpoint. The date start and date end...

Online Computer and Laptop Store SQL注入漏洞

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of externally entered SQL statements in the parameter...