21 matches found
Beauty Parlour Management System invoices.php file SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...
CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to th...
EUVD-2025-21336
Malicious code in bioql PyPI...
EUVD-2023-36560
Malicious code in bioql PyPI...
Dairy Farm Shop Management System invoices.php file SQL injection vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file invoices.php...
CVE-2025-7592
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The...
CVE-2025-7592
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The...
CVE-2025-7592 PHPGurukul Dairy Farm Shop Management System invoices.php sql injection
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The...
CVE-2025-7592
The PHPGurukul Dairy Farm Shop Management System v1.3 contains a SQL injection in invoices.php (and receipts.php per PT-2025-29447) triggered by manipulating the del parameter. This enables remote exploitation and the exploit has been publicly disclosed. Affected functionality and lack of input v...
CVE-2025-7592 PHPGurukul Dairy Farm Shop Management System invoices.php sql injection
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The...
CVE-2025-3316
The CVE-2025-3316 entry concerns PHPGurukul Men Salon Management System 1.0. The vulnerability is an SQL injection in the /admin/search-invoices.php endpoint caused by improper handling of the searchdata parameter. It can be exploited remotely, and public exploit content exists. Affected software...
CVE-2025-3316 PHPGurukul Men Salon Management System search-invoices.php sql injection
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-12362 InvoicePlane invoices.php download path traversal
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2024-12362 InvoicePlane invoices.php download path traversal
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...
PT-2024-17570 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A vulnerability was found in InvoicePlane, affecting the function download of the file invoices.php. The manipulation of the invoice argument leads to path traversal. It is possible to initiate t...
InvoicePlane Path Traversal Vulnerability
InvoicePlane is a self-hosted open source application for managing your quotes, invoices, customers and payments. A path traversal vulnerability exists in InvoicePlane 1.6.1 and earlier versions, which stems from the parameter invoice in the fi...
CVE-2023-32308 SQL Injection Vulnerability in anuko timetracker
anuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for error...
EZ Invoice Inc. EZI 2.0 Invoices.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16133/info EZI is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result i...
WHMCS 4.x & 5.x - Multiple Web Vulnerabilities
No description provided by source. Exploit Title: WHMCS v4.x & v5.x - Multiple Web Vulnerabilities Date: 2013-12-10 Exploit Author: ahwak2000 Vendor Homepage: http://whmcs.com/ Version: 4.x , 5.x Tested on: win 7 +------------------+ | Vulnerability | +------------------+ File :...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.ph...