Lucene search
+L

691 matches found

cve
cve
added 2026/02/23 11:2 p.m.19 views

CVE-2026-3042

The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...

9.8CVSS7.3AI score0.00425EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2026/02/23 12:0 a.m.14 views

PT-2026-21576

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. Remote attackers can exploit this by manipulating the ID argument in the /admin/index.php file. The...

9.8CVSS7.1AI score0.00425EPSS
Exploits1References11
cvelist
cvelist
added 2026/02/22 10:32 a.m.31 views

CVE-2026-2943 SapneshNaik Student Management System index.php cross site scripting

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit i...

5.3CVSS0.00263EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/02/20 1:22 a.m.8 views

CVE-2026-27175

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...

9.8CVSS6.6AI score0.06872EPSS
Exploits3References1
vulnrichment
vulnrichment
added 2026/02/19 8:44 a.m.3 views

CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure

Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...

5.1CVSS6.2AI score0.00404EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/19 8:44 a.m.31 views

CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure

Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...

5.1CVSS0.00404EPSS
Exploits0References1
cve
cve
added 2026/02/19 8:44 a.m.11 views

CVE-2025-40697

CVE-2025-40697 describes a Reflected XSS in Lewe WebMeasure affecting the endpoint /index.php via the page parameter. The vulnerability could allow an attacker to execute arbitrary code in the context of a user session, with potential data exposure such as session cookies and the ability to perfo...

5.1CVSS6.2AI score0.00404EPSS
Exploits0References1
nvd
nvd
added 2026/02/18 10:16 p.m.13 views

CVE-2026-27175

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...

9.8CVSS0.06872EPSS
Exploits3References3
vulnrichment
vulnrichment
added 2026/02/18 9:10 p.m.3 views

CVE-2026-27175 MajorDoMo Command Injection in rc/index.php via Race Condition

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...

9.8CVSS6.6AI score0.06872EPSS
Exploits3References3
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.16 views

PT-2026-20511

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by safe...

9.8CVSS6.6AI score0.06872EPSS
Exploits3References3
cnnvd
cnnvd
added 2026/02/18 12:0 a.m.21 views

MajorDoMo 操作系统命令注入漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a vulnerability in the operating system’s command injection mechanism. This vulnerability stems from the $param variable passed as user input in the rc/index.php file, which is inserted...

9.8CVSS5.8AI score0.06872EPSS
Exploits3References3
redhatcve
redhatcve
added 2026/02/12 7:29 p.m.10 views

CVE-2026-25868

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

6.1CVSS5.6AI score0.00288EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/11 3:40 p.m.32 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

6.9CVSS0.005EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/11 3:34 p.m.32 views

CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...

5.1CVSS0.00288EPSS
Exploits0References3
osv
osv
added 2026/02/08 3:15 p.m.5 views

CVE-2026-2156

A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting. The attack is possib...

4.8CVSS4.1AI score0.00198EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/02/07 12:0 a.m.12 views

PT-2026-6874

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System 1.0 that allows for SQL injection. This occurs through manipulation of the ID argument within the file...

7.5CVSS7.1AI score0.00323EPSS
Exploits1References8
osv
osv
added 2026/02/06 10:16 a.m.3 views

CVE-2026-2014

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

9.8CVSS5.7AI score0.00416EPSS
Exploits1References5
cvelist
cvelist
added 2026/02/06 10:2 a.m.35 views

CVE-2026-2014 itsourcecode Student Management System index.php sql injection

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS0.00416EPSS
Exploits1References5
cve
cve
added 2026/02/06 9:32 a.m.19 views

CVE-2026-2013

CVE-2026-2013 affects itsourcecode Student Management System 1.0. Vulnerable component: /ramonsys/soa/index.php; flaw involves manipulating the ID parameter to trigger SQL injection. Attack can be launched remotely; exploit publicly available. CVSS metrics indicate high/critical impact (up to 9.8...

9.8CVSS7.2AI score0.00416EPSS
Exploits1References5Affected Software1
cnnvd
cnnvd
added 2026/02/06 12:0 a.m.8 views

itsourcecode Student Management System SQL注入漏洞

itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of the itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...

9.8CVSS7.2AI score0.00416EPSS
Exploits1References5
Rows per page
Query Builder