15 matches found
CVE-2018-25195
Wecodex Hotel CMS 1.0 contains an SQL injection in the admin login flow. The vulnerability allows unauthenticated attackers to bypass authentication by injecting SQL through the username field in a POST to index.php?action=processlogin, enabling extraction of sensitive data or unauthorized admin ...
CVE-2025-50972
SQL injection vulnerability in AbanteCart 1.4.2 allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...
PHPGurukul Hospital Management System Security Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the username parameter of index.php. No details of the vulnerability a...
CVE-2025-55420
A reflected cross-site scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...
CVE-2025-9147
CVE-2025-9147 affects the jasonclark getsemantic package up to version 040c96eb8cf9947488bd01b8de99b607b0519f7d. The vulnerability is a cross-site scripting flaw in an unknown function triggered by manipulating the view argument in /index.php. Remote exploitation is possible, and an exploit has b...
CVE-2025-40729
Reflected cross-site scripting (XSS) in /customersupport/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter...
Job Recruitment Security Vulnerability
Job Recruitment by code-projects is a job portal project developed using PHP, CSS, JavaScript, and MySQL technologies. A security vulnerability exists in Job Recruitment version 1.0, which originates from a SQL injection vulnerability in the email parameter of the /index.php page...
CVE-2024-1970
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...
SourceCodester Library System SQL Injection Vulnerability
Library System is a library management system by the individual developer nurhodelta17. SourceCodester Library System version 1.0 suffers from a SQL injection vulnerability that stems from the category parameter in the file index.php...
CVE-2023-40753
There is a cross-site scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2...
PT-2023-27785 · Phpjabbers · Phpjabbers Availability Booking Calendar
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Availability Booking Calendar version 5.0. Description: A vulnerability has been found in the software, classified as problematic. It affects an unknown functionality of the file /index.php. The manipulation of the session id...
Night Club Booking Software Cross-Site Scripting Vulnerability
Night Club Booking Software is open source night club booking software from PHP Jabbers. PHP Jabbers Night Club Booking Software version 1.0 suffers from a cross-site scripting vulnerability that stems from the index parameter in the file /index.php...
CVE-2023-3562
A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this...
CVE-2023-24648
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php...
REDAXO CMS Cross-Site Request Forgery Vulnerability
REDAXO CMS is an open source content management system (CMS). The system supports custom modules, plug-in extensions, project backup and so on. A cross-site request forgery vulnerability exists in REDAXO CMS version 4.7.2. A remote attacker can add an administrator account with the help of...