CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting rolesfunction.php with parameters like rolassignroles, rolapproveusers, and...

CVE-2026-5827 code-projects Simple IT Discussion Forum question-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

CVE-2025-15373

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be use...

CVE-2025-13395

A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...

SourceCodester Wedding Reservation Management System SQL注入漏洞

SourceCodester Wedding Reservation Management System is a SourceCodester open source wedding reservation management system. SourceCodester Wedding Reservation Management System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the incorrect operation of the function...

CVE-2022-24608

Luocms v2.0 is affected by Cross Site Scripting XSS in /admin/news/sortadd.php and /inc/function.php...

Linux Distros Unpatched Vulnerability : CVE-2015-8867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The opensslrandompseudobytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the...

Medical Certificate Generator App SQL注入漏洞

The Medical Certificate Generator App is a simple web application for medical clinics. A SQL injection vulnerability exists in Medical Certificate Generator App, which stems from the id parameter of the deleterecord method on the function.php page, which can lead to an SQL injection...

UBUNTU-CVE-2020-35132

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via getrequest in lib/function.php...