Lucene search
K

284 matches found

CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

Code-Projects Online Music Site SQL Injection Vulnerability

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters related to files, administrators, and the...

9.8CVSS7.2AI score0.00416EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.4 views

CVE-2023-31703

Cross Site Scripting XSS in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter...

9CVSS6.6AI score0.04475EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/01/01 3:32 p.m.5 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS6.2AI score0.00345EPSS
Exploits1References1
NVD
NVD
added 2025/12/31 4:15 p.m.8 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS0.00345EPSS
Exploits1References5
OSV
OSV
added 2025/12/31 4:15 p.m.4 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS5.5AI score0.00345EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/31 3:32 p.m.3 views

CVE-2025-15390 PHPGurukul Small CRM edit-user.php authorization

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

6.5CVSS6.2AI score0.00345EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/31 3:32 p.m.7 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS5.2AI score0.00345EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/12/31 3:32 p.m.4 views

EUVD-2025-206030

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited...

6.5CVSS6.2AI score0.00345EPSS
Exploits1References7
CVE
CVE
added 2025/12/31 3:32 p.m.9 views

CVE-2025-15390

CVE-2025-15390 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /admin/edit-user.php where missing authorization can be exploited remotely to perform unauthorized actions. Multiple sources (NVD/Red Hat/CVE lists) consistently describe a remote-access vulnerability with publicly ...

8.8CVSS6.2AI score0.00345EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.6 views

PHPGurukul Small CRM 安全漏洞

PHPGurukul Small CRM is a customer relationship management system from PHPGurukul. A security vulnerability exists in PHPGurukul Small CRM version 4.0, which stems from a missing authorization in the file /admin/edit-user.php, which could lead to a remote attack...

8.8CVSS6.5AI score0.00345EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54354

Name of the Vulnerable Software and Affected Versions PHPGurukul Small CRM version 4.0 Description A security flaw exists in PHPGurukul Small CRM 4.0, impacting an unknown function within the /admin/edit-user.php file. This allows for missing authorization, enabling remote attacks. The exploit fo...

8.8CVSS6.3AI score0.00345EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2025/12/08 9:32 a.m.3 views

CVE-2025-14226 itsourcecode Student Management System edit_user.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

7.5CVSS7AI score0.00339EPSS
Exploits1References5
CVE
CVE
added 2025/12/08 9:32 a.m.12 views

CVE-2025-14226

CVE-2025-14226 affects itsourcecode Student Management System 1.0 with a SQL injection in /edit_user.php via the fname parameter. Exploitation can be remote; public PoC exists. Public reports (CNVD/Red Hat/NVD) confirm the flaw. Remediation guidance suggests sanitizing/validating the fname parame...

9.8CVSS7AI score0.00339EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/12/08 9:32 a.m.27 views

CVE-2025-14226 itsourcecode Student Management System edit_user.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

7.5CVSS0.00339EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.6 views

PT-2025-47104

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security issue has been identified in itsourcecode Inventory Management System version 1.0. The issue involves a SQL injection vulnerability present in an unknown function with...

9.8CVSS7.3AI score0.00346EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.14 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS6.3AI score0.00466EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2020-30817

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.1CVSS5.8AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36858

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.4CVSS0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:26 p.m.7 views

CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...

5.1CVSS0.00466EPSS
Exploits0References2
Rows per page
Query Builder