15 matches found
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2025-15456
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been...
EUVD-2025-31382
Malicious code in bioql PyPI...
CVE-2025-10828 SourceCodester Pet Grooming Management Software edit.php sql injection
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly an...
CVE-2025-57439
Creacast Creabox Manager 4.4.4 contains a critical Remote Code Execution vulnerability accessible via the edit.php endpoint. An authenticated attacker can inject arbitrary Lua code into the configuration, which is then executed on the server. This allows full system compromise, including reverse...
ISPConfig language_edit.php PHP Code Injection
This module exploits a PHP code injection vulnerability in ISPConfig's language_edit.php file. The vulnerability occurs when the admin_allow_langedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This module will...
Itechscripts School Management Software Injection Vulnerability
Itechscripts School Management Software is a campus management software. An injection vulnerability exists in Itechscripts School Management Software version 2.75, which stems from the parameter aid in the file /notice-edit.php that can lead to SQL injection...
CVE-2023-31939
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomerid parameter at customeredit.php...
DBHcms Cross-Site Scripting Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. A stored cross-site scripting vulnerability exists in DBHcms 1.2.0. The vulnerability stems from the failure of the htmlspecialchars function in dbhcmsmodmod.domain.edit.php on line 119. An...
PT-2019-14893 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions up to 4.5.7. Description: The issue concerns the use of an unsanitized query string variable in the file appcontactscontact edit.php, which is reflected in HTML and leads to a cross-site scripting (XSS) issue. This occurs when...
CVE-2017-1002023
Vulnerability in WordPress plugin Easy Team Manager v1.3.2. The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easyteammanagerdescedit.php...
PHPIPAM SQL Injection Vulnerability
phpipam is an open source PHP and MySQL based IP address management (IPAM) application. A cross-site scripting vulnerability exists in phpipam version 1.2.1, which can be exploited by an attacker to compromise the application, access or modify data, or exploit potential vulnerabilities in the...
ProjectSend SQL Injection Vulnerability
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. A SQL injection vulnerability exists in the client-edit.php script in ProjectSend version r561. Since the users-edit.php script fails to adequately filter the 'id' parameter, a remote attacker can...
PHP TopSites 2.02.2 - HTML Injection
source: https://www.securityfocus.com/bid/6621/info An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the tag of the description page, when...
PHP TopSites 2.0/2.2 - HTML Injection
source: https://www.securityfocus.com/bid/6621/info An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the tag of the description page, when submitting website, it may be possibl...