691 matches found
CVE-2026-3042
The CVE-2026-3042 entry concerns itsourcecode Event Management System 1.0. The vulnerability affects the /admin/index.php file where manipulating the ID argument leads to SQL injection, exploitable remotely, with publicly available exploit information. Multiple connected sources corroborate the i...
PT-2026-21576
Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. Remote attackers can exploit this by manipulating the ID argument in the /admin/index.php file. The...
CVE-2026-2943 SapneshNaik Student Management System index.php cross site scripting
A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit i...
CVE-2026-27175
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...
CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure
Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...
CVE-2025-40697 Reflected Cross-Site Scripting (XSS) in Lewe WebMeasure
Reflected Cross-Site Scripting XSS vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of...
CVE-2025-40697
CVE-2025-40697 describes a Reflected XSS in Lewe WebMeasure affecting the endpoint /index.php via the page parameter. The vulnerability could allow an attacker to execute arbitrary code in the context of a user session, with potential data exposure such as session cookies and the ability to perfo...
CVE-2026-27175
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...
CVE-2026-27175 MajorDoMo Command Injection in rc/index.php via Race Condition
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...
PT-2026-20511
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by safe...
MajorDoMo 操作系统命令注入漏洞
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a vulnerability in the operating system’s command injection mechanism. This vulnerability stems from the $param variable passed as user input in the rc/index.php file, which is inserted...
CVE-2026-25868
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25868 MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-2156
A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting. The attack is possib...
PT-2026-6874
Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System 1.0 that allows for SQL injection. This occurs through manipulation of the ID argument within the file...
CVE-2026-2014
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-2014 itsourcecode Student Management System index.php sql injection
A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-2013
CVE-2026-2013 affects itsourcecode Student Management System 1.0. Vulnerable component: /ramonsys/soa/index.php; flaw involves manipulating the ID parameter to trigger SQL injection. Attack can be launched remotely; exploit publicly available. CVSS metrics indicate high/critical impact (up to 9.8...
itsourcecode Student Management System SQL注入漏洞
itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of the itsourcecode Student Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...