EUVD-2022-55990
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...
CVE-2026-2427 itsukaita <= 0.1.2 - Reflected Cross-Site Scripting via 'day_from' Parameter
The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from' and 'day_to' parameters in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-26836
The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'day_from' and 'day_to' parameters in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-25139
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...
Code-Projects Simple Flight Ticket Booking System SQL Injection Vulnerability
Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a SQL injection vulnerability. This vulnerability stems from the handling of the 'from' parameter in the...
CVE-2026-2431
CVE-2026-2431 affects the CM Custom Reports plugin for WordPress. All versions up to and including 1.2.7 are vulnerable due to insufficient input sanitization and output escaping on the date_from/date_to parameters, enabling a reflected Cross-Site Scripting (XSS) attack. This allows unauthenticat...
GHSA-43GX-6GV6-3JCP Products.isurlinportal has possible open redirect when using more than 2 forward slashes
Impact: A URL such as /login?camefrom=////evil.example may redirect to an external website after login. Standard Plone is not affected, but if you have customised the login, for example with add-ons, you might be affected. You can try the URL to check whether you are affected. Patches: The problem has be...
CRLF Injection
Overview: Affected versions of this package are vulnerable to CRLF Injection via insufficient validation of the FROM and TO parameters. An attacker can inject arbitrary SMTP headers or corrupt existing ones by including carriage return characters in email addresses. Remediation: Upgrade...
CVE-2023-31703
Cross-Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter...
Projectworlds Advanced Library Management System SQL Injection Vulnerability
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter datefrom/dateto in the...
1000 Projects ABC Courier Management System Injection Vulnerability
1000 Projects ABC Courier Management System is an open source courier management system from 1000 Projects. An injection vulnerability exists in version 1.0 of 1000 Projects ABC Courier Management System, which originates from a SQL injection due to misuse of the From parameter in the file...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...
VulnCheck KEV: CVE-2025-49113
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php...
UBUNTU-CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
PT-2024-17015 · WordPress · Debounce Email Validator
Name of the Vulnerable Software and Affected Versions: DeBounce Email Validator plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...
CVE-2024-9429
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely...
Code-Projects Restaurant Reservation System SQL Injection Vulnerability
Code-Projects Restaurant Reservation System is an open source restaurant reservation system from Code-Projects. Code-Projects Restaurant Reservation System version 1.0 suffers from a SQL injection vulnerability, which stems from the parameter from/to in the file /filter2.php that can lead to SQL...
PT-2024-39627 · Code Projects · Restaurant Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Reservation System version 1.0 Description: A critical issue has been found in the Restaurant Reservation System, affecting an unknown functionality of the file /filter2.php. The manipulation of the from and to...
CVE-2024-9086
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2024-39420 · Unknown · Code-Projects Restaurant Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Restaurant Reservation System version 1.0 Description: A critical issue has been found in the code-projects Restaurant Reservation System. The manipulation of the from and to arguments in the /filter.php file leads to SQL...