
27 matches found

RedhatCVE
added 2026/04/07 5:12 a.m. · 1 views

CVE-2026-5606

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in SQL injection. It is possible to launch the atta...

CVSS 6.5 · AI score 6.5 · EPSS 0.00012
Exploits 0 · References 1
Vulnrichment
added 2026/04/06 12:0 a.m. · 1 views

CVE-2026-5606 PHPGurukul Online Shopping Portal Project Parameter order-details.php SQL injection

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in SQL injection. It is possible to launch the atta...

CVSS 6.5 · AI score 6.5 · EPSS 0.00012
Exploits 0 · References 5
EUVD
added 2026/04/05 9:30 p.m. · 0 views

EUVD-2019-20087

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

CVSS 8.8 · AI score 6.2 · EPSS 0.0013
Exploits 1 · References 4
CNVD
added 2025/11/27 12:0 a.m. · 3 views

Hostel Management System register-complaint.php file cross-site scripting vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cdetails in the file /register-complaint.php, which can be exploit...

CVSS 5.4 · AI score 6.3 · EPSS 0.00024
Exploits 0 · References 1
RedhatCVE
added 2025/11/02 4:46 a.m. · 2 views

CVE-2025-11995

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 · AI score 5.2 · EPSS 0.00169
Exploits 0 · References 1
NVD
added 2025/11/01 5:16 a.m. · 3 views

CVE-2025-11995

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 · EPSS 0.00169
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-6427

Malware in sbrugna...

CVSS 4.3 · AI score 6.2 · EPSS 0.00285
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-11038

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.0024
Exploits 1 · References 2
CNNVD
added 2025/07/13 12:0 a.m. · 2 views

Code-Projects Job Diary Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from an error in the parameter jobid in the file /view-details.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

CVSS 9.8 · AI score 8.1 · EPSS 0.00277
Exploits 1 · References 6
CNNVD
added 2025/06/22 12:0 a.m. · 1 views

Code-Projects Online Bidding System Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of file /details.php. An attacker can exploit this vulnerability to execute illega...

CVSS 9.8 · AI score 8.2 · EPSS 0.00204
Exploits 1 · References 6
RedhatCVE
added 2025/05/23 10:22 a.m. · 3 views

CVE-2024-42560

A cross-site scripting (XSS) vulnerability in the component updatepagedetails.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00307
Exploits 1 · References 1
Positive Technologies
added 2025/01/03 12:0 a.m. · 4 views

PT-2025-3764 · Unknown · Code-Projects Online Book Shop

Name of the Vulnerable Software and Affected Versions: code-projects Online Shop version 1.0
Description: A problem has been found in the code that affects the /view.php file. Manipulating the name/details argument leads to cross site scripting attacks. These attacks can be started from a remote...

CVSS 6.1 · AI score 4.3 · EPSS 0.00236
Exploits 1 · References 10
OSV
added 2024/08/20 1:15 p.m. · 0 views

CVE-2024-42560

A cross-site scripting (XSS) vulnerability in the component updatepagedetails.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1
Positive Technologies
added 2024/04/04 12:0 a.m. · 3 views

PT-2024-20967 · Unknown · Advanced Rest Client

Name of the Vulnerable Software and Affected Versions: Advanced REST Client version 17.0.9
Description: The issue allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. This is a Cross Sit...

CVSS 4.7 · AI score 7 · EPSS 0.00736
Exploits 1 · References 3
OSV
added 2024/01/04 3:15 p.m. · 1 views

CVE-2023-50864

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2
Positive Technologies
added 2024/01/04 12:0 a.m. · 3 views

PT-2024-13776 · Billing · Billing

Name of the Vulnerable Software and Affected Versions: Billing Software version 1.0
Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the bank details parameter of the "party submit.php" resource does not validate the characters received, and th...

CVSS 9.8 · AI score 9.9 · EPSS 0.00072
Exploits 1 · References 5
CNNVD
added 2024/01/04 12:0 a.m. · 1 views

Kashipara Billing Software SQL Injection Vulnerability

Kashipara Billing Software is an application from Kashipara India. A SQL injection vulnerability exists in the v1.0 version of Kashipara Billing Software, which originates when the bankdetails parameter of the partysubmit.php page is processed without filtering the data and sending it to the...

CVSS 9.8 · AI score 7.9 · EPSS 0.00072
Exploits 1 · References 3
Positive Technologies
added 2022/12/28 12:0 a.m. · 0 views

PT-2022-8064 · Unknown · Shred Cilla

Name of the Vulnerable Software and Affected Versions: shred cilla affected versions not specified
Description: A vulnerability was found in shred cilla, classified as problematic. It affects an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component...

CVSS 5.4 · AI score 4.3 · EPSS 0.0032
Exploits 0 · References 7
OSV
added 2018/11/17 5:29 p.m. · 1 views

CVE-2018-19340

Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
OSV
added 2017/12/13 9:29 a.m. · 0 views

CVE-2017-17577

FS Trademe Clone 1.0 has SQL Injection via the searchitem.php search parameter or the generalitemdetails.php id parameter...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2