30 matches found
CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...
CVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...
CVE-2026-2224
A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btnfunctions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002072)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002072 advisory. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of...
EUVD-2018-11248
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-8427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. CVE-2019-8427 Note that Nessus relies on...
CVE-2022-24221
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php...
CVE-2024-6957
A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely...
PT-2024-37996 · Unknown · Itsourcecode University Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode University Management System version 1.0 Description: A critical issue has been found in the itsourcecode University Management System. This issue affects the Login component, specifically the file functions.php. The manipulation...
CVE-2024-3627
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...
CVE-2023-46789
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-30220 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the day parameter in the register function of the functions.php resource does not validate the...
WordPress Plugin Most Popular Posts Widget SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Most Popular Posts Widget...
PT-2023-26271 · Sourcecodester · Sourcecodester House Rental/Property Listing
Name of the Vulnerable Software and Affected Versions: SourceCodester House Rental and Property Listing System version 1.0 Description: A critical vulnerability was found in the system, affecting an unknown function of the file btn functions.php. This issue leads to unrestricted upload and can be...
PT-2023-23987 · Code Projects · Supplier Management System
Name of the Vulnerable Software and Affected Versions: code-projects Supplier Management System version 1.0 Description: A critical issue has been found in the Picture Handler component of the Supplier Management System, affecting an unknown function of the file btn functions.php. This issue lead...
CVE-2020-36723
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...
WordPress Theme ListingPro - WordPress Directory & Listing Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. WordPress Theme ListingPro - A security vulnerability exists in WordPress Directory & Listing version...
PT-2023-23072 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the system. The doUpdateQuestion function of the file btn functions.php is affected. The manipulation of the question id argument leads to...
PT-2023-22801 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A vulnerability has been found in the code-projects Agro-School Management System, affecting the function doAddQuestion of the file btn functions.php. The manipulation of th...
CVE-2021-39314
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...