Lucene search
K

14 matches found

NVD
NVD
added 2026/06/19 6:16 p.m.11 views

CVE-2019-25756

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:28 p.m.6 views

EUVD-2019-20192

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:28 p.m.4 views

CVE-2019-25756

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 5:28 p.m.17 views

CVE-2019-25756 Joomla! Component vAccount 2.0.2 SQL Injection via vaccount-dashboard

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:28 p.m.11 views

CVE-2019-25756

CVE-2019-25756 affects Joomla! Component vAccount 2.0.2. The vulnerability is an SQL injection in the vaccount-dashboard/expense endpoint, where an unauthenticated attacker can inject payloads via the vid parameter to perform arbitrary SQL queries and exfiltrate sensitive data such as database ve...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
CVE
CVE
added 2026/03/12 3:36 p.m.9 views

CVE-2019-25473

CVE-2019-25473 affects Clinic Pro via SQL injection on the monthly_expense_overview endpoint, exploitable by authenticated users through the month parameter. Root cause: improper input handling enabling boolean/time-based/error-based SQL injection. Impact: confidentiality impact HIGH; integrity L...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24963

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
NVD
NVD
added 2025/09/29 9:15 a.m.5 views

CVE-2025-10343

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...

6.1CVSS0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.10 views

PT-2025-7080 · Unknown · Phpgurukul Daily Expense Tracker System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: The issue concerns a SQL Injection vulnerability in the /dets/add-expense.php endpoint via the costitem parameter. This allows for potential exploitation of the system. No...

9.8CVSS7.8AI score0.00458EPSS
Exploits1References4
OSV
OSV
added 2024/08/15 3:15 a.m.4 views

CVE-2024-7811

A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.8AI score0.00609EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/14 12:0 a.m.6 views

PT-2024-38598 · Unknown · Sourcecodester Daily Expenses Monitoring App

Name of the Vulnerable Software and Affected Versions: SourceCodester Daily Expenses Monitoring App version 1.0 Description: A critical issue has been found in the SourceCodester Daily Expenses Monitoring App, affecting an unknown part of the file /endpoint/delete-expense.php. The manipulation of...

9.8CVSS7.2AI score0.00609EPSS
Exploits1References10
OSV
OSV
added 2024/02/14 3:15 p.m.5 views

CVE-2024-25210

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/deleteexpense.php...

9.8CVSS5.8AI score0.00814EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.4 views

Expense Tracker SQL Injection Vulnerability

Expense Tracker is an expense tracker organized by SourceCode and Projects. A security vulnerability exists in Expense Tracker v1.0, which stems from a SQL injection vulnerability in the file /endpoint/deleteexpense.php...

9.8CVSS7.9AI score0.00814EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.16 views

PT-2023-17171 · Sourcecodester · Earnings/Expense Tracker App

Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0 Description: A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save expense" endpoint. The manipulatio...

6.1CVSS6.9AI score0.00363EPSS
Exploits0References3
Rows per page
Query Builder