16 matches found
CVE-2026-30556
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
EUVD-2025-29908
Malicious code in bioql PyPI...
CVE-2025-10813 code-projects Hostel Management System index.php sql injection
A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/modreports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...
CVE-2025-10410
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2025-9923
CVE-2025-9923 — Affected product: Campcodes Sales and Inventory System 1.0. The flaw is a cross-site scripting (XSS) vulnerability in an unknown part of the file /index.php, triggered by manipulating the page argument. The attack can be launched remotely, and exploits have been published. Public ...
PT-2024-37529 · Unknown · Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: Simple Online Hotel Reservation System version 1.0 Description: A critical issue has been identified, affecting the file index.php. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely...
CVE-2024-5635
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely...
PT-2023-27835 · Phpjabbers · Php Jabbers Taxi Booking
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Taxi Booking version 2.0 Description: A problematic vulnerability was found in the software, affecting an unknown functionality of the file /index.php. The manipulation of the index argument leads to cross-site scripting. The atta...
PT-2023-27814 · Unknown · Php Jabbers Service Booking Script
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Service Booking Script version 1.0 Description: A vulnerability was found in the PHP Jabbers Service Booking Script, affecting unknown code of the file /index.php. The manipulation of the index argument leads to cross-site...
PT-2023-26002 · Unknown · Super Store Finder
Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: A critical issue was found in the file /index.php of the component POST Parameter Handler, where the manipulation of the products argument leads to sql injection. This issue can be exploited remotel...
w2wiki Cross-Site Scripting Vulnerability
w2wiki is a web-based wiki-like notepad developed by Steven Frank. A security vulnerability exists in w2wiki, which originates in the toHTML function of the index.php file of the component Markdown Handler, where a parameter query leads to cross-site scripting...
Creative Management System Lite SQL Injection Vulnerability
Creative Management System CMS Lite is a web content management system with features such as menu design, site backup and site calendar. A SQL injection vulnerability exists in CMS Lite version 1.4. A remote attacker can exploit the vulnerability by sending the 'S' parameter to the index.php file...
EUVD-2015-1559
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder, (2) jakcatid, (3) jakcontent, (4) jakcss, (5) jakdeletelog, (6) jakemail, (7) jakextfile, (8) jakfile, (9) jakhookshow, (10) jakimg, (11) jakjavascript, (12)...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...
PT-2005-4920 · Jamit · Jamit Job Board
Name of the Vulnerable Software and Affected Versions: Jamit Job Board versions 2.4.1 and earlier Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the cat parameter in the "index.php" file. The vendor has disputed this issue, claiming it has no basi...
PT-2005-3817 · Noah · Noah's Classifieds
Name of the Vulnerable Software and Affected Versions: Noah's classifieds version 1.3 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the rollid parameter in the index.php file. This could potentially lead to unauthorized actions on...