CVE-2026-42840

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

CVE-2026-9542 CodeAstro Leave Management System add_staff.php sql injection

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

Student Record System admin-profile.php file cross-site scripting vulnerability

Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...

CVE-2024-44660

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php...

CVE-2024-44660

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php...

EUVD-2024-55084

PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting XSS via adminname and aemailid parameters in /admin-profile.php...

CVE-2025-11424

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

EUVD-2020-28909

Malware in sbrugna...

EUVD-2019-7519

Malware in sbrugna...

EUVD-2020-19891

Malware in sbrugna...

EUVD-2022-52566

Malicious code in bioql PyPI...

EUVD-2022-4450

Malicious code in bioql PyPI...

User Management System login.php File SQL Injection Vulnerability

User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /login.php. An attacker can exploit this vulnerability to...

User Management System admin/change-emailid.php File SQL Injection Vulnerability

User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter uid in the file /admin/change-emailid.php against externally entered SQL statements. An attacker can exploit this...

CVE-2025-9756

A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2025-9756

The CVE-2025-9756 entry concerns PHPGurukul User Management System v1.0, with a flaw in /admin/change-emailid.php where manipulating the uid parameter leads to SQL injection. Exploitation is remote and the exploit has been published. Public sources consistently describe a SQL injection in the uid...

CVE-2020-7993

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field...

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from an SQL injection vulnerability in the studentemailid...