CVE-2026-34384

Admidio vulnerability CVE-2026-34384: Before 5.0.8, the approval modes create_user, assign_member, and assign_user in modules/registration.php accepted GET-based requests with no CSRF validation, allowing an attacker with a pending registration and a rol_approve_users right to auto-approve or mer...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

CVE-2018-25221

Affected product: EChat Server 3.1. Vulnerability: Buffer overflow in the chat.ghp endpoint, exploitable by sending a GET request with an oversized username value, leading to remote code execution in the application context. The provided description states that shellcode and ROP gadgets can be us...

PT-2026-28257

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets...

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the token URL query parameter, which is accepted by the authentication process. An attacker can obtain sensitive API credentials by accessing logs, browser history, clipboard...

EUVD-2019-20016

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

EUVD-2026-14732

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVE-2026-3260

CVE-2026-3260 affects Undertow and enables Denial of Service via premature multipart/form-data parsing when a GET request with multipart/form-data is processed (e.g., via getParameterMap). The issue is caused by content being parsed and stored to disk during parameter handling, leading to resourc...

CVE-2026-3260

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVE-2026-4568 SourceCodester Sales and Inventory System HTTP GET Request update_supplier.php sql injection

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...

CVE-2026-4568

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...

PT-2026-27041

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A SQL injection issue exists in SourceCodester Sales and Inventory System version 1.0. The issue is located in the HTTP GET Request Handler component, specifically within the...

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the sid...

CVE-2019-25578

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

CVE-2026-32817

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIE...

CVE-2026-32817 Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIE...