7210 matches found

Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34776 · Notescms · Notescms

Name of the Vulnerable Software and Affected Versions: NotesCMS versions prior to commit 95322c5121dbd7070f3bd54f2848079654a0a8ea Description: A vulnerability exists in NotesCMS, specifically within the /index.php?route=notes page. Manipulation of the title of service descriptions leads to a stor...

CVSS 6.1 · AI score 5.4 · EPSS 0.00193
Exploits: 1 · References: 6
CNNVD
added 2025/08/26 12:0 a.m. · 3 views

AbanteCart security vulnerability

AbanteCart is an open source e-commerce platform by AbanteCart. A security vulnerability exists in AbanteCart version 1.4.2, which stems from a directory traversal in the template parameter in index.php, which could lead to access to sensitive system files...

CVSS 7.5 · AI score 9 · EPSS 0.00907
Exploits: 1 · References: 2
NVD
added 2025/08/25 3:15 p.m. · 2 views

CVE-2025-56214

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter...

CVSS 9.8 · EPSS 0.0033
Exploits: 0 · References: 2
OSV
added 2025/08/21 4:15 p.m. · 1 views

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVSS 8.8 · AI score 6 · EPSS 0.0046
Exploits: 1 · References: 1
OSV
added 2025/08/14 6:15 p.m. · 3 views

CVE-2025-52335

EyouCMS 1.7.3 is vulnerable to Cross Site Scripting XSS in index.php, which can be exploited to obtain sensitive information...

CVSS 6.1 · AI score 5.8 · EPSS 0.00188
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33145 · Unknown · Lepszy Bip

Name of the Vulnerable Software and Affected Versions: Lepszy BIP affected versions not specified Description: Lepszy BIP is susceptible to a Reflected Cross-Site Scripting XSS issue. Insufficient input validation within the index.php form allows for the execution of arbitrary JavaScript code in ...

CVSS 5.1 · AI score 6.3 · EPSS 0.00417
Exploits: 0 · References: 6
CVE
added 2025/08/14 12:0 a.m. · 15 views

CVE-2025-52335

CVE-2025-52335 affects EyouCMS 1.7.3. The vulnerability is a Cross-Site Scripting (XSS) in the index.php file, caused by improper handling of input, allowing exposure of sensitive information. Practical exploitation details are not provided in the connected documents. No remediation or patch info...

CVSS 6.1 · AI score 6.1 · EPSS 0.00188
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/08/13 12:0 a.m. · 9 views

PT-2025-33078 · S40 Cms · S40 Cms

Name of the Vulnerable Software and Affected Versions: S40 CMS version 0.4.2 Description: S40 CMS version 0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary fil...

CVSS 8.7 · AI score 6.6 · EPSS 0.0156
Exploits: 0 · References: 8
Vulnrichment
added 2025/08/07 12:0 a.m. · 3 views

CVE-2023-41524

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php...

AI score 7.8 · EPSS 0.00281
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/07 12:0 a.m. · 4 views

PT-2025-32292 · Unknown · Attendance Management System

Name of the Vulnerable Software and Affected Versions: Student Attendance Management System version 1 Description: The Student Attendance Management System is susceptible to a SQL injection issue through the username parameter located at the /index.php API endpoint. Recommendations: As a temporar...

CVSS 8.8 · AI score 7.3 · EPSS 0.00281
Exploits: 0 · References: 8
NVD
added 2025/08/05 3:15 p.m. · 9 views

CVE-2025-50707

An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component...

CVSS 9.8 · EPSS 0.00986
Exploits: 1 · References: 2
CNNVD
added 2025/08/05 12:0 a.m. · 4 views

ThinkPHP security vulnerability

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Thinking Information Technology ThinkPHP. A security vulnerability exists in ThinkPHP version v.3.2.5, which originates from the index.php component that allows execution of arbitrary code...

CVSS 9.8 · AI score 6.9 · EPSS 0.00986
Exploits: 1 · References: 3
CVE
added 2025/08/05 12:0 a.m. · 29 views

CVE-2025-50707

ThinkPHP 3.x vulnerability CVE-2025-50707 affects v3.2.5. The issue allows remote code execution via the index.php component, caused by crafted template inclusion. Impact is as described: high risk of arbitrary code execution with network access and no user interaction. Public remediation availab...

CVSS 9.8 · AI score 7.6 · EPSS 0.00986
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2025/07/31 10:2 a.m. · 12 views

CVE-2025-8378 Campcodes Online Hotel Reservation System Login index.php sql injection

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attac...

CVSS 7.5 · EPSS 0.00543
Exploits: 1 · References: 5
BDU FSTEC
added 2025/07/28 12:0 a.m. · 3 views

The vulnerability of the index.php file of the WeGIA web manager allows attackers to perform cross-site scripting attacks.

The vulnerability of the index.php file of the WeGIA web manager is related to the failure to protect the structure of the web page when processing the erro parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

CVSS 7.8 · AI score 5.2 · EPSS 0.0024
Exploits: 1 · References: 2 · Affected Software: 1
RedhatCVE
added 2025/07/24 10:22 a.m. · 10 views

CVE-2025-6082

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible f...

CVSS 5.3 · AI score 6 · EPSS 0.01567
Exploits: 2 · References: 1
NVD
added 2025/07/22 10:15 a.m. · 11 views

CVE-2025-6082

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible f...

CVSS 5.3 · EPSS 0.01567
Exploits: 2 · References: 3
Vulnrichment
added 2025/07/22 9:22 a.m. · 7 views

CVE-2025-6082 Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible f...

CVSS 5.3 · AI score 6.2 · EPSS 0.01567
Exploits: 2 · References: 3
CNNVD
added 2025/07/21 12:0 a.m. · 1 views

LuxSoft Luxcal security vulnerability

LuxSoft Luxcal is a web calendar system organized by LuxSoft Belgium. A security vulnerability exists in LuxSoft Luxcal version 4.5.2, which stems from the presence of reflective cross-site scripting in index.php, which could allow an unauthenticated attacker to steal user data...

CVSS 9.8 · AI score 6.2 · EPSS 0.00534
Exploits: 0 · References: 4
Cvelist
added 2025/07/14 8:47 p.m. · 7 views

CVE-2025-53820 WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

CVSS 6.5 · EPSS 0.0024
Exploits: 1 · References: 1