21 matches found
CVE-2026-10694 SourceCodester Online Food Ordering System index.php include file inclusion
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...
EUVD-2019-19906
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...
CVE-2019-25582
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with filemanager=image and supply arbitrary file paths like...
CVE-2019-25573
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
CVE-2026-3702
A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Manipulating the argument page results in cross-site scripting. The attack can be carried out remotely. The exploit is...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2023-54341
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...
CVE-2025-63739
Xinhu Rainrock RockOA 2.7.0 is affected by CVE-2025-63739 due to a flaw in phpinisaveAction() in webmain/system/cogini/coginiAction.php. An authenticated user can use the a parameter on index.php to modify PHP configuration files. The vulnerability affects the cited version; Red Hat and other sou...
Food Ordering Management System cross-site scripting vulnerability
Food Ordering Management System is a food ordering management system by Carlo Montero, an individual developer. It provides an online platform to order food from a restaurant or fast food chain. A cross-site scripting vulnerability exists in Food Ordering Management System version 1.0, which stem...
PT-2024-23713 · Unknown · Phpgurukul Men Salon Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 2.0 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the "index.php" component. This enables attackers to acces...
CVE-2024-0265
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiate...
CVE-2023-4749
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-40748
PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php...
CVE-2023-36314
There is a Cross Site Scripting (XSS) vulnerability in the value-text-osmsemailrequestmessage parameters of index.php in PHPJabbers Callback Widget v1.0...
CVE-2022-28521
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=spsetconfig...
Open Solutions For Education openSIS SQL injection vulnerability
openSIS is a free and open source student information system/school management software. openSIS version 8.0 is vulnerable to SQL injection when using MySQL/MariaDB as the application database. An attacker can use the index.php username parameter to issue SQL commands to the MySQL/MariaDB databas...
CVE-2019-13978
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request...
CVE-2018-16549
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...
Multiple cross-site scripting vulnerabilities in LabWiki
LabWiki is a meme plugin. Multiple cross-site scripting vulnerabilities exist in LabWiki 1.1 and earlier versions. A remote attacker can exploit this vulnerability by sending the 'from' parameter to the index.php file or the 'pageno' parameter to the recentchanges.php file to inject arbitrary web...
Joomla! googleSearch (CSE) component cross-site scripting vulnerability
Joomla! is an open source content management system. googleSearch component for Joomla! is a custom search engine component for Joomla! A cross-site scripting vulnerability in googleSearch component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramet...