284 matches found
CVE-2025-10098 PHPGurukul User Management System edit-user-profile.php sql injection
A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the publ...
CVE-2025-10098
PHPGurukul User Management System 1.0 has a SQL injection in /admin/edit-user-profile.php when the uid argument is manipulated. The vulnerability is exploitable remotely, and public exploits have been released. The CVE is corroborated across NVD and other feeds (Red Hat, CVE List, PT Security) wi...
CVE-2024-49722
In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android Information Disclosure Vulnerability (CNVD-2026-00039)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to cross-user image disclosure caused by an obfuscated proxy in the showAvatarPicker of EditUserPhotoController.java. An attacker can exploit the...
CVE-2024-49722
In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-35619
Name of the Vulnerable Software and Affected Versions: EditUserPhotoController.java affected versions not specified Description: The showAvatarPicker function within EditUserPhotoController.java is susceptible to a confused deputy issue, potentially leading to local information disclosure...
CVE-2025-9443
A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument newaccount can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and m...
Exploit for CVE-2025-54962
🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...
CVE-2025-8189
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CampCodes Courier Management System 注入漏洞
CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0, which originates from a SQL injection due to a mishandling of the parameter ID in the file /edituser.php...
CVE-2025-7928
A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edituser.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has...
Code-Projects Church Donation System 注入漏洞
Code-Projects Church Donation System is an open source church donation system by Code-Projects. An injection vulnerability exists in Code-Projects Church Donation System version 1.0, which stems from an SQL injection attack due to the incorrect operation of the parameter firstname in the file...
CVE-2025-6842
A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edituser.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...
Code-Projects Simple Pizza Ordering System 注入漏洞
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /edituser.php. An attacker can exploit this vulnerabili...
CVE-2024-1928
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname lea...
CVE-2024-43082
In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-27245
A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...
CVE-2022-38595
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...
CVE-2025-4292
A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...
CVE-2025-4292 MRCMS Edit User Page edit.do cross site scripting
A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...