CVE-2026-7822 itsourcecode Courier Management System print_pdets.php sql injection

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

PT-2026-32393

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and...

mall-swarm 授权问题漏洞

mall-swarm is a microservice mall system. An authorization issue vulnerability exists in mall-swarm, which stems from incorrect manipulation of the parameter ids in the file /member/readHistory/delete, for which no detailed vulnerability details are provided at this time...

yudao-cloud 安全漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A security vulnerability exists in yudao-cloud version 2025.09 and earlier, which stems from incorrect manipulation of the parameter ids/newOwnerUserId in the file /crm/business/transfer, which could lead to improper...

CVE-2025-10251

A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-8840

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-8840

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

CVE-2025-8840

Summary (CVE-2025-8840, jshERP): Up to version 3.5, jshERP’s Endpoint component exposes an authorization flaw in the file /jshERP-boot/user/deleteBatch where manipulation of the argument ids enables a remote attack. Public exploit disclosure is noted. Several sources corroborate an improper autho...

CVE-2023-5266 DedeBIZ tags_main.php sql injection

A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tagsmain.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...