15 matches found
EUVD-2020-30917
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
CVE-2020-37006 berliCRM 1.0.24 - 'src_record' SQL Injection
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
BerliCRM SQL Injection Vulnerability
berliCRM is a customer management system developed by the German company berliCRM. Version 1.0.24 of berliCRM contains a SQL injection vulnerability. This vulnerability stems from the src_record parameter in the index.php endpoint, which may lead to manipulation of database queries...
CVE-2023-53926
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926
CVE-2023-53926 affects PHPJabbers Simple CMS 5.0. A SQL injection in the 'column' parameter of the index.php endpoint can allow remote attackers to manipulate queries and potentially extract or modify database information. The vulnerability is documented across multiple sources (including RH, NVD...
CVE-2023-53926 PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
PT-2025-48158
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-11348
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to SQL injection. The attack can be launched remotely. The exploit has been...
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
Exploit Title: Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure | Author: Byte Reaper | Telegram: @ByteReaper0 | CVE: CVE-2025-6082 | Software Link: https://frp.wordpress.org/plugins/birth-chart-compatibility/ | Description: Proof‑of‑Concept exploits the Full Path Disclosure bu...
PT-2024-34552 · Unknown · Phpgurukul Ifsc Code Finder Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul IFSC Code Finder Project version 1.0. Description: A reflected cross-site scripting (XSS) issue was discovered, allowing remote attackers to execute arbitrary code via the searchifsccode parameter in the /ifscfinder/index.php endpoint...
PT-2024-23640 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3. Description: The issue is related to SQL Injection. It can be exploited via the "/3g/index.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the "/3g/index.php"...
CVE-2023-41364
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection...
PT-2022-8621 · Unknown · Zhimengzhe Ibarn
Name of the Vulnerable Software and Affected Versions: zhimengzhe iBarn version 1.5. Description: The issue allows remote attackers to run arbitrary code via avatar upload to "index.php". This is due to a file upload vulnerability in the upload function in action/Core.class.php. Recommendations: F...
CubeCart Stored Cross-Site Scripting Vulnerability
CubeCart is an open source PHP e-commerce software system. A stored cross-site scripting vulnerability exists in CubeCart. Due to insufficient filtering of user-supplied data via the "firstname" and "lastname" HTTP POST parameters passed to the "/index.php" script input, a remotely-authenticated...
PT-2010-1396 · Maxdev · Mforum
Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro. Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...