12 matches found
CVE-2026-37749
A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php...
CVE-2026-1469
Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...
CVE-2024-44065
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter...
CVE-2025-13786
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public...
CVE-2025-13545 ashraf-kabir travel-agency index.php sql injection
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /adminarea/index.php. The manipulation of the argument editpack leads to sql injection. The attack can be...
CVE-2025-11736
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may...
itsourcecode Student Information Management System Security Vulnerability
itsourcecode Student Information Management System is an open source student information management system from itsourcecode. A security vulnerability exists in itsourcecode Student Information Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the...
Typecho Security Vulnerability
Typecho is a PHP blogging platform for Typecho individual developers. It is simple and powerful. A security vulnerability exists in Typecho v1.2.1, which stems from a security hole in the component /index.php/action/xmlrpc. Attackers can use the vulnerability for XML secondar...
WideImage Cross-Site Scripting Vulnerability
WideImage is an open source object-oriented PHP library for image processing. A cross-site scripting vulnerability exists in WideImage 11.02.19, which allows remote attackers to inject arbitrary web script or HTML via the matrix parameter of demo/index.php...
Multiple Cross-Site Scripting Vulnerabilities in Synology Photo Station-2945
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology. A cross-site scripting vulnerability exists in Synology Photo Station versions prior to 6.3-2945, which allows remote attackers to inject arbitrary web script or HTML via login.php or...
Installatron GQ File Manager SQL Injection Vulnerability
Installatron GQ File Manager is a web-based GQ file manager from Installatron. Installatron GQ File Manager 0.2.5 suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary commands via index.php creation parameters...
MyPBS (index.php seasonID) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers MyPBS Remote SQL Injection Exploit This exploit tries to read an arbitrary file. piker@domlabs:/advisories$ perl mypbs.pl http://localhost/myp...