11 matches found
CVE-2026-4838
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be us...
EUVD-2026-16082
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be...
CVE-2026-4838
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be us...
CVE-2026-4838
SourceCodester Malawi Online Market 1.0 contains a SQL injection in an unknown function within /display.php triggered by manipulating the argument ID. This allows remote exploitation and an exploit has been published. The CVE notes the impact as low for confidentiality/integrity/availability with...
CVE-2026-4838
A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be us...
SourceCodester Malawi Online Market SQL Injection Vulnerability
SourceCodester Malawi Online Market is an open-source online marketplace and e-commerce management system developed using the PHP language by SourceCodester. Version 1.0 of SourceCodester Malawi Online Market contains a SQL injection vulnerability, which stems from incorrect handling of the...
GHSA-G6XH-WRPF-V6J6 phppgadmin contains a SQL injection vulnerability
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2021-4427
The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This...
PT-2023-10300 · WordPress · Wp-Donate
Name of the Vulnerable Software and Affected Versions: wp-donate Plugin versions up to 1.4 Description: A critical issue has been found in the wp-donate Plugin, affecting an unknown part of the file includes/donate-display.php. This issue leads to SQL injection and can be initiated remotely...
PT-2019-12255
Name of the Vulnerable Software and Affected Versions: I, Librarian version 4.10 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the project parameter in the display.php file. Recommendations: For I, Librari...
CVE-2008-5375
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file...