70 matches found
PT-2026-39521
ProjectSend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...
CVE-2026-2059
A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /empedit1.php. Such manipulation of the argument ID leads to SQL injection. The attack may be performed from remote. The exploit has been disclosed to the publ...
CVE-2021-47915
Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....
CVE-2018-25144
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform...
CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
PT-2025-51156
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Cake Ordering System version 1.0. Description: A flaw exists in itsourcecode Online Cake Ordering System version 1.0 that allows for SQL injection. The issue stems from improper handling of the ID argument within the...
WordPress Outdoor plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Outdoor plugin suffers from a SQL injection vulnerability that stems from a lack of validation of the edit parameter. An attacker can exploit this vulnerability to...
EUVD-2018-16862
Malware in sbrugna...
EUVD-2025-29167
Malicious code in bioql PyPI...
EUVD-2025-26281
Malicious code in bioql PyPI...
CVE-2025-10446 Campcodes Computer Sales and Inventory System cust_searchfrm.php SQL injection
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_searchfrm.php?action=edit. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2025-9706
A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2025-55175
CVE-2025-55175: QuickCMS is vulnerable to a Reflected XSS via the sLangEdit parameter in the admin panel. A malicious URL can trigger arbitrary JavaScript execution in the victim’s browser. Only version 6.8 was tested and confirmed vulnerable; other versions were not tested and might also be vul...
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
SPPanAdmin code injection vulnerability
SPPanAdmin is a basic framework for backend management systems by the individual developer reckcn. A code injection vulnerability exists in SPPanAdmin version 1.0, which originates from the parameter name in the file /admin/role/edit that can lead to cross-site scripting...
1000 Projects Bookstore Management System injection vulnerability
1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which stems from the parameter cat in the file /admin/processcategoryedit.php that can cause SQL...
CVE-2024-48622
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter...
CVE-2024-32344
A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...