43 matches found
CVE-2018-25343 Smartshop 1 Cross-Site Request Forgery via editprofile.php
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...
CVE-2018-25343 Smartshop 1 Cross-Site Request Forgery via editprofile.php
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...
Student Information System /editprofile.php File SQL Injection Vulnerability
Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...
CVE-2025-13245
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be...
CVE-2025-13245
CVE-2025-13245 affects code-projects Student Information System 2.0. The vulnerability lies in an unspecified function within /editprofile.php that mishandles input, enabling cross-site scripting. Exploitation can be performed remotely, and publicly available exploits exist. Several connected sou...
CVE-2025-13243
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
CVE-2025-13243
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
PT-2025-47078
Name of the Vulnerable Software and Affected Versions code-projects Student Information System version 2.0 Description A SQL injection issue exists in code-projects Student Information System 2.0. The issue is located in the /editprofile.php file, within an unknown function. Remote attackers can...
EUVD-2023-58656
Malicious code in bioql PyPI...
CVE-2025-6351 itsourcecode Employee Record Management System editprofile.php sql injection
A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The...
CVE-2025-6351
The CVE-2025-6351 entry concerns itsourcecode Employee Record Management System 1.0. The vulnerability resides in the /editprofile.php handling, where manipulating the emp1name parameter leads to SQL injection. Reports indicate a remote attack vector and that the exploit has been publicly disclos...
itsourcecode Employee Record Management System 1.0 注入漏洞
itsourcecode Employee Record Management System is itsourcecode open source employee record management system . An injection vulnerability exists in version 1.0 of itsourcecode Employee Record Management System, which is caused by incorrect manipulation of the emp1name parameter in the file...
Cross site scripting
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely...
CVE-2024-1972 SourceCodester Online Job Portal EditProfile.php cross site scripting
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely...
CVE-2024-1972 SourceCodester Online Job Portal EditProfile.php cross site scripting
A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely...
CVE-2023-6419
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6410
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retriev...
CVE-2023-6419 Cross-site Scripting vulnerability in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an...
CVE-2023-6419
CVE-2023-6419 is a reported cross-site scripting vulnerability in Voovi Social Networking Script 1.0. The issue is an XSS via editprofile.php in multiple parameters, allowing a remote attacker to send a crafted JavaScript payload and partially take over an authenticated user’s browser session. Th...
CVE-2023-6410 SQL injection in Voovi Social Networking Script
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retriev...