
12 matches found

ATTACKERKB
added 2026/05/02 10:0 a.m. · 4 views

CVE-2026-7612

A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly disclosed and may ...

5.8 CVSS · 5.6 AI score · 0.00206 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2026/03/29 12:0 a.m. · 5 views

PT-2026-28743

Name of the Vulnerable Software and Affected Versions: BichitroGan ISP Billing Software version 2025.3.20 Description: A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...

5.3 CVSS · 5.7 AI score · 0.00226 EPSS
Exploits 0 · References 8
OSV
added 2026/03/09 9:16 a.m. · 5 views

CVE-2026-3812

A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manageemployeeallowances.php. This manipulation of the argument ID causes cross-site scripting. The attack can be carried out remotely. The exploit has been public...

6.1 CVSS · 4.2 AI score
Exploits 0 · References 5
OSV
added 2025/12/17 10:15 p.m. · 3 views

CVE-2025-14832

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicl...

9.8 CVSS · 5.8 AI score · 0.00326 EPSS
Exploits 1 · References 5
CNNVD
added 2025/10/16 12:0 a.m. · 2 views

Sergestec Exito Security Vulnerability

Sergestec Exito is a sales platform from Sergestec, Inc. A security vulnerability exists in Sergestec Exito version v8.0, which stems from incorrect manipulation of the parameter id in the file /admin/ticketa4.php, which could lead to unsafe direct object references...

7.5 CVSS · 6.6 AI score · 0.00313 EPSS
Exploits 0 · References 1
OSV
added 2025/07/09 7:15 a.m. · 3 views

CVE-2025-7220

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=savedeductions. The manipulation of the argument ID leads to SQL injection. The attack can be launched...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 5
Positive Technologies
added 2025/05/08 12:0 a.m. · 3 views

PT-2025-20411 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phpList versions 3.6.3 through 3.6.14 Description: The issue concerns Reflected Cross-Site Scripting (XSS) via the "/lists/dl.php" endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly...

6.1 CVSS · 5.7 AI score · 0.00516 EPSS
Exploits 1 · References 13
Hacker One
added 2025/04/19 4:13 a.m. · 6 views

pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net

A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...

5.5 AI score
Exploits 0
CVE
added 2024/09/12 12:0 a.m. · 66 views

CVE-2024-25270

Mirapolis LMS 4.6.XX contains an IDOR vulnerability that authenticated users can exploit by manipulating the ID parameter and incrementing the STEP parameter, potentially exposing sensitive user data. Root cause: insecure direct object reference in the affected endpoint. Affected product/version:...

4.3 CVSS · 6.6 AI score · 0.00384 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/07/31 12:0 a.m. · 3 views

Establishment Billing Management System SQL Injection Vulnerability

Establishment Billing Management System is a billing management system by oretnom23 Individual Developer. An SQL injection vulnerability exists in the Establishment Billing Management System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...

8.8 CVSS · 7.3 AI score · 0.00532 EPSS
Exploits 1 · References 5
CNNVD
added 2022/12/01 12:0 a.m. · 3 views

Movie Ticket Booking System Security Vulnerability

Movie Ticket Booking System is a movie ticket booking system by Aman sharma individual developer. Movie Ticket Booking System has a security vulnerability that stems from a problem with unknown code in the file booking.php, where manipulation of the parameter id can lead to SQL injection...

9.8 CVSS · 8.2 AI score · 0.00496 EPSS
Exploits 1 · References 3
OSV
added 2019/11/07 4:15 p.m. · 2 views

CVE-2019-17604

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id...

4.3 CVSS · 6.5 AI score · 0.00621 EPSS
Exploits 1 · References 2