292 matches found
PT-2025-50836
The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom image' parameter of the paypal-shortcode shortcode in all versions up to, and including, 1.01 due to insufficient input sanitization and output escaping. This makes it possible for...
SourceCodester Real Estate Property Listing App 安全漏洞
SourceCodester Real Estate Property Listing App is an open source real estate listing application from SourceCodester. A security vulnerability exists in version 1.0 of the SourceCodester Real Estate Property Listing App, which stems from an incorrect manipulation of the parameter image in file...
PT-2025-50647
Name of the Vulnerable Software and Affected Versions SourceCodester Real Estate Property Listing App version 1.0 Description A flaw exists in SourceCodester Real Estate Property Listing App version 1.0 that allows for unrestricted file uploads. This is due to manipulation of the image argument...
CVE-2025-14219
A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminrunning.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. It is possible to launch the attack remotely...
CampCodes Retro Basketball Shoes Online Store 安全漏洞
CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...
CVE-2025-65879
CVE-2025-65879 — Normal mode Warehouse Management System 1.2 is affected by an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server’s UPLOAD_PATH and passed to File.delete(...
EUVD-2025-198594
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...
CVE-2025-13573
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /addbook.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released t...
Projectworlds Advanced Library Management System 代码问题漏洞
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A code issue vulnerability exists in Projectworlds Advanced Library Management System version 1.0 and prior versions, which stems from the incorrect manipulation of the parameter...
PT-2025-47867
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released ...
CVE-2025-13423
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...
Projectworlds Online Notes Sharing Platform 安全漏洞
Projectworlds Online Notes Sharing Platform is an online notes sharing platform from Projectworlds India. A security vulnerability exists in Projectworlds Online Notes Sharing Platform version 1.0, which stems from an incorrect manipulation of the parameter image in the file...
CVE-2025-12201
A vulnerability was identified in ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1. This affects an unknown part of the file /admin/edit-user.php of the component User Management Interface. Such manipulation of the argument image leads to unrestricted upload. ...
PT-2025-43759
Name of the Vulnerable Software and Affected Versions ajayrandhawa User-Management-PHP-MYSQL versions prior to fedcf58797bf2791591606f7b61fdad99ad8bff1 Description A flaw exists within the User Management Interface component of the software, specifically concerning file uploads. Manipulation of t...
User-Management-PHP-MYSQL 代码问题漏洞
User-Management-PHP-MYSQL is a secure user management system by Ajay Randhawa Personal Developer. A code issue vulnerability exists in User-Management-PHP-MYSQL that stems from incorrect manipulation of the parameter image in the file /admin/edit-user.php, which could lead to arbitrary file uploa...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-61488
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
Online Hotel Reservation System editpicexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/editpicexec.php. No details of the vulnerability...
Online Hotel Reservation System addslideexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/addslideexec.php. No details of the vulnerabilit...
CVE-2025-11426
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...