7 matches found
CVE-2026-8611
The Klamra Paycal for Aspaclaria WordPress plugin is vulnerable to Insecure Direct Object Reference through the invoice_id parameter in versions up to 1.1.4, caused by missing validation on a user-controlled key. Authenticated users with subscriber-level access and higher can enumerate post IDs t...
EUVD-2026-34958
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-8611
The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
EUVD-2025-38446
A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...
mantry.com XSS vulnerability
Vulnerable URL: http://mantry.com/thill/?invoiceid=1id=...
SQL injection
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...
CVE-2007-3345
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) OutgoingTypeID, (2) OutgoingID, (3) ProjectID, (4) ClientID, (5) InvoiceID, or (6) VendorID parameter...