284 matches found
Code-Projects Online Music Site SQL Injection Vulnerability
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters related to files, administrators, and the...
CVE-2023-31703
Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...
CVE-2025-15390
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
CVE-2025-15390
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
CVE-2025-15390
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
CVE-2025-15390 PHPGurukul Small CRM edit-user.php authorization
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
CVE-2025-15390
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...
EUVD-2025-206030
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited...
CVE-2025-15390
CVE-2025-15390 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /admin/edit-user.php where missing authorization can be exploited remotely to perform unauthorized actions. Multiple sources (NVD/Red Hat/CVE lists) consistently describe a remote-access vulnerability with publicly ...
PHPGurukul Small CRM 安全漏洞
PHPGurukul Small CRM is a customer relationship management system from PHPGurukul. A security vulnerability exists in PHPGurukul Small CRM version 4.0, which stems from a missing authorization in the file /admin/edit-user.php, which could lead to a remote attack...
PT-2025-54354
Name of the Vulnerable Software and Affected Versions PHPGurukul Small CRM version 4.0 Description A security flaw exists in PHPGurukul Small CRM 4.0, impacting an unknown function within the /admin/edit-user.php file. This allows for missing authorization, enabling remote attacks. The exploit fo...
CVE-2025-14226 itsourcecode Student Management System edit_user.php sql injection
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...
CVE-2025-14226
CVE-2025-14226 affects itsourcecode Student Management System 1.0 with a SQL injection in /edit_user.php via the fname parameter. Exploitation can be remote; public PoC exists. Public reports (CNVD/Red Hat/NVD) confirm the flaw. Remediation guidance suggests sanitizing/validating the fname parame...
CVE-2025-14226 itsourcecode Student Management System edit_user.php sql injection
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...
PT-2025-47104
Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security issue has been identified in itsourcecode Inventory Management System version 1.0. The issue involves a SQL injection vulnerability present in an unknown function with...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
EUVD-2020-30817
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...