Lucene search
+L

1495 matches found

EUVD
EUVD
added 2026/05/30 2:55 p.m.13 views

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 8:16 a.m.22 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/30 7:45 a.m.16 views

EUVD-2026-33450

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS6.7AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.12 views

Student-Management-System SQL注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of Student-Management-System has a SQL injection vulnerability; this vulnerability stems from the email parameter on the login page, which may lead to remote attacks...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 a.m.19 views

CVE-2026-8787

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS0.00283EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.14 views

CVE-2026-8787

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

6AI score0.00283EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.39 views

CVE-2026-8787 Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43507

Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

CodeAstro Leave Management System SQL注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the emailid parameter by an unknown function in the file...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References6
NVD
NVD
added 2026/05/25 3:16 p.m.22 views

CVE-2018-25372

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 2:15 p.m.15 views

EUVD-2018-21895

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

SB Admin SQL注入漏洞

SB Admin is a Bootstrap based open source admin backend template by Yash Pokharna individual developer. SB Admin has a SQL injection vulnerability that originates from the parameter FIRSTNAME/LastName/EMAIL operation of the function confirmloggedin in the file studenttrans.php, which could lead t...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/23 6:30 p.m.16 views

EUVD-2018-21863

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that...

5.3CVSS5.8AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/11 2:21 a.m.15 views

CVE-2025-65134

In manikandan580 School-management-system 1.0, a reflected cross-site scripting XSS vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter...

6.1CVSS5.6AI score0.00181EPSS
Exploits1References1
NVD
NVD
added 2026/05/07 9:16 p.m.20 views

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 8:30 p.m.10 views

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 8:30 p.m.39 views

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

7.5CVSS0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.19 views

PT-2026-38590

Name of the Vulnerable Software and Affected Versions code-projects Feedback System version 1.0 Description A SQL injection flaw exists in the /admin/checklogin.php file. Remote attackers can exploit this by manipulating the email argument. SQL injection is a technique where malicious SQL...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/05 3:31 a.m.9 views

EUVD-2026-27201

The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...

6.1CVSS6AI score0.00219EPSS
Exploits0References7
Rows per page
Query Builder