PT-2026-43017

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

CVE-2026-7115

A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might ...

GHSA-WWPW-HRX8-79R5 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

Summary The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !phpsapiname === 'cli' never evaluates to true due to how PHP...

CVE-2026-34733

CVE-2026-34733 (AVideo) : AVideo proves vulnerable in versions ≤26.0 via the file install/deleteSystemdPrivate.php, which contains a PHP operator precedence bug in its CLI guard. The check uses !php_sapi_name() === 'cli', which, due to precedence, is always false, allowing unauthenticated HTTP ac...

CVE-2026-4836

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

PT-2026-7032

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...

ATutor SQL注入漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a SQL injection vulnerability; this vulnerability stems from the...

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

PT-2026-3658

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

CVE-2026-0590 code-projects Online Product Reservation System POST Parameter delete.php sql injection

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...

CVE-2026-0590

Code-projects Online Product Reservation System 1.0 is affected in /app/checkout/delete.php where the POST Parameter Handler manipulates the ID argument, causing SQL injection. The vulnerability is exploitable remotely and exploits have been publicly disclosed. Remediation guidance from connected...

CVE-2026-0578

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-0578 code-projects Online Product Reservation System delete.php sql injection

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The explo...

EUVD-2026-0779

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-0565

CVE-2026-0565 affects code-projects Content Management System 1.0. The vulnerability arises from improper handling of the del parameter in the file /admin/delete.php, enabling remote SQL injection without authentication or user interaction. Multiple sources (NVD, Red Hat, CVE feeds) describe the ...

PT-2026-1066

Name of the Vulnerable Software and Affected Versions code-projects Content Management System version 1.0 Description A flaw exists in code-projects Content Management System that involves the processing of the /admin/delete.php file. Manipulation of the del argument within this file can lead to...

PT-2025-48455

Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description An issue exists in Blood Bank Management System version 1.0 that allows authenticated attackers to perform actions with escalated privileges. This is achieved through a crafted request to th...

PT-2025-44397

Name of the Vulnerable Software and Affected Versions tftpsync affected versions not specified Description A path traversal flaw exists in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the...

CVE-2025-11628 jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection

A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument productcode causes sql injection. It is possible...