CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

Xinhu RockOA 安全漏洞

Xinhu RockOA is an office OA system of China Xinhu Company. A security vulnerability exists in Xinhu RockOA version 2.7.0, which originates from the incorrect operation of the parameter a in the file index.php, which may lead to the disclosure of sensitive information...

EUVD-2025-199928

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-13786 taosir WTCMS index.php fetch code injection

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-13786 taosir WTCMS index.php fetch code injection

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...

CVE-2025-13578

A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

Code-Projects Library System SQL注入漏洞

Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...

CVE-2025-55128

HackerOne community member Dang Hung Vi vidang04 has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service...

Revive Adserver 安全漏洞

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

CVE-2025-13276

CVE-2025-13276 affects g33kyrash Online-Banking-System. The vulnerability is a SQL injection in the /index.php file caused by manipulating the Username parameter. It is remotely exploitable and has public exploit code. Version details for affected and updated releases are not available due to rol...

CVE-2025-13276 g33kyrash Online-Banking-System index.php sql injection

A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The...

CVE-2025-13241

The CVE concerns code-projects Student Information System 2.0, where the vulnerability resides in the /index.php file. The Username parameter can be manipulated to achieve SQL injection, allowing remote execution. The issue is supported by multiple sources (NVD, Red Hat, CNVD, CNNVD, EUVD, VulnDB...

CVE-2025-13241 code-projects Student Information System index.php sql injection

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

CVE-2025-13234 itsourcecode Inventory Management System index.php sql injection

A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the attack remotely. The exploit has been mad...

CVE-2025-12292

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2025-12292 SourceCodester Point of Sales index.php sql injection

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2025-12237

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be us...

CVE-2025-12237

The CVE-2025-12237 entry concerns projectworlds Advanced Library Management System 1.0. A vulnerability exists in the /index.php file where manipulating the keywords parameter enables SQL injection. The flaw is remotely exploitable, and public exploit code is available. Connected sources corrobor...

PT-2025-43976

Name of the Vulnerable Software and Affected Versions SourceCodester Point of Sales version 1.0 Description A flaw exists in SourceCodester Point of Sales 1.0 where manipulation of the Username argument in the file '/index.php' can lead to SQL injection. This issue can be exploited remotely. The...

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in version 1.0 of projectworlds Advanced Library Management System, which stems from incorrect manipulation of the parameter keywords in the fil...