CVE-2025-65791

CVE-2025-65791 affects ZoneMinder v1.36.34. Public sources describe a Command Injection in web/views/image.php where unsanitized user input is passed to PHP’s exec() function. The supplier disputes presence of unsanitized input in that file. Connected documents confirm the issue but do not provid...

PHPGurukul Boat Booking System 安全漏洞

PHPGurukul Boat Booking System is a boat booking system from PHPGurukul. A security vulnerability exists in version 1.0 of the PHPGurukul Boat Booking System, which stems from an Image Upload Mechanism parameter in change-image.php that allows a local attacker to upload malicious PHP scripts...

CVE-2024-10161

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...

CVE-2024-10161 PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...

CVE-2024-10161 PHPGurukul Boat Booking System Update Boat Image Page change-image.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate th...

PT-2024-16074 · Unknown · Phpgurukul Boat Booking System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Boat Booking System version 1.0 Description: A critical issue was found in the PHPGurukul Boat Booking System, affecting the file change-image.php of the component Update Boat Image Page. The manipulation of the image argument lead...

CVE-2022-36198

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and...

CVE-2019-3810

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its acces...