Lucene search
K

284 matches found

Vulnrichment
Vulnrichment
added 2025/09/08 5:2 p.m.5 views

CVE-2025-10098 PHPGurukul User Management System edit-user-profile.php sql injection

A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the publ...

6.5CVSS6.5AI score0.00408EPSS
Exploits1References5
CVE
CVE
added 2025/09/08 5:2 p.m.22 views

CVE-2025-10098

PHPGurukul User Management System 1.0 has a SQL injection in /admin/edit-user-profile.php when the uid argument is manipulated. The vulnerability is exploitable remotely, and public exploits have been released. The CVE is corroborated across NVD and other feeds (Red Hat, CVE List, PT Security) wi...

8.8CVSS6.5AI score0.00408EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/04 10:32 p.m.3 views

CVE-2024-49722

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00108EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Google Android Information Disclosure Vulnerability (CNVD-2026-00039)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to cross-user image disclosure caused by an obfuscated proxy in the showAvatarPicker of EditUserPhotoController.java. An attacker can exploit the...

5.5CVSS6.2AI score0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/02 10:11 p.m.2 views

CVE-2024-49722

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

4.9AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.4 views

PT-2025-35619

Name of the Vulnerable Software and Affected Versions: EditUserPhotoController.java affected versions not specified Description: The showAvatarPicker function within EditUserPhotoController.java is susceptible to a confused deputy issue, potentially leading to local information disclosure...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References6
OSV
OSV
added 2025/08/26 3:15 a.m.3 views

CVE-2025-9443

A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument newaccount can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and m...

8.7CVSS6.3AI score0.00684EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2025/07/29 4:16 p.m.127 views

Exploit for CVE-2025-54962

🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...

6.4CVSS6.3AI score0.00233EPSS
Exploits1
OSV
OSV
added 2025/07/26 1:15 p.m.5 views

CVE-2025-8189

A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/26 12:0 a.m.17 views

CampCodes Courier Management System 注入漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Courier Management System version 1.0, which originates from a SQL injection due to a mishandling of the parameter ID in the file /edituser.php...

8.8CVSS6.9AI score0.00382EPSS
Exploits0References6
OSV
OSV
added 2025/07/21 3:15 p.m.3 views

CVE-2025-7928

A vulnerability was found in code-projects Church Donation System 1.0 and classified as critical. This issue affects some unknown processing of the file /members/edituser.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has...

9.8CVSS5.8AI score0.00498EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.7 views

Code-Projects Church Donation System 注入漏洞

Code-Projects Church Donation System is an open source church donation system by Code-Projects. An injection vulnerability exists in Code-Projects Church Donation System version 1.0, which stems from an SQL injection attack due to the incorrect operation of the parameter firstname in the file...

9.8CVSS7.9AI score0.00498EPSS
Exploits1References5
OSV
OSV
added 2025/06/29 4:15 a.m.9 views

CVE-2025-6842

A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edituser.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

7.2CVSS5.8AI score0.0033EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/22 12:0 a.m.6 views

Code-Projects Simple Pizza Ordering System 注入漏洞

Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /edituser.php. An attacker can exploit this vulnerabili...

9.8CVSS8.2AI score0.00394EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.9 views

CVE-2024-1928

A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname lea...

7.2CVSS7.3AI score0.00714EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:32 a.m.7 views

CVE-2024-43082

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.2AI score0.00101EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.6 views

CVE-2023-27245

A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...

6.1CVSS5.8AI score0.00429EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.5 views

CVE-2022-38595

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edituser.php...

7.2CVSS7.1AI score0.00734EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/07 11:16 p.m.18 views

CVE-2025-4292

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...

5.4CVSS6.2AI score0.0026EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/05 10:31 p.m.23 views

CVE-2025-4292 MRCMS Edit User Page edit.do cross site scripting

A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be...

4.8CVSS0.0026EPSS
Exploits1References4
Rows per page
Query Builder