2 matches found
EUVD-2026-41760
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...
IndyNews - PhpNuke module: several problems
IndyNews is a PhpNuke add-on that allows users to include media files images, documents and so on to articles. While I was playing with the module, I've found several problems. 1 function delMediaFile Anybody is able to delete any media attached to already approved articles. 2 function manageMedi...