18 matches found

RedhatCVE
added yesterday | 3 views

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVSS 6.9 | AI score 5.7 | EPSS 0.00045
Exploits: 0 | References: 1

NVD
added 2026/04/27 10:16 a.m. | 2 views

CVE-2026-7109

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVSS 6.9 | EPSS 0.00045
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/27 9:15 a.m. | 0 views

CVE-2026-7109 code-projects Invoice System in Laravel API Endpoint item improper authorization

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

CVSS 6.9 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 5

CVE
added 2026/04/27 9:15 a.m. | 2 views

CVE-2026-7109

CVE-2026-7109 affects code-projects Invoice System (Laravel 1.0) with a vulnerability in the API Endpoint item/file that enables improper authorization. The underlying issue is exploitable remotely; multiple sources note public exposure and PoC-like exploitation. No specific patch/version remedia...

CVSS 6.9 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/11 12:12 a.m. | 2 views

Sylius is Missing Authorization in API v2 Add Item Endpoint

Impact: The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. POST /api/v2/shop/orders/tokenValue/items Other mutation endpoints PUT, PATCH, DELETE are no...

CVSS 6.9 | AI score 6 | EPSS 0.00112
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/10 9:25 p.m. | 3 views

CVE-2026-31821 Sylius is Missing Authorization in API v2 Add Item Endpoint

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

CVSS 6.9 | AI score 6 | EPSS 0.00112
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/22 12:0 a.m. | 3 views

PT-2026-21433

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat id parameters to add-item.php to execu...

CVSS 8.8 | AI score 6.3 | EPSS 0.00132
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/16 12:0 a.m. | 4 views

PT-2025-47067

Name of the Vulnerable Software and Affected Versions: itsourcecode Inventory Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Inventory Management System 1.0. Manipulation of the ID argument in the /index.php?q=single-item endpoint can lead to SQL injection...

CVSS 9.8 | AI score 7.5 | EPSS 0.00028
Exploits: 1 | References: 12

OSV
added 2025/09/12 1:15 a.m. | 1 views

CVE-2025-10274

A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the publ...

CVSS 6.1 | AI score 4.1
Exploits: 0 | References: 4

Cvelist
added 2025/09/12 12:2 a.m. | 8 views

CVE-2025-10274 erjinzhi 10OA item cross site scripting

A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the publ...

CVSS 5.3 | EPSS 0.00057
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 1:11 a.m. | 5 views

CVE-2022-36693

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteitem...

CVSS 9.8 | AI score 8.3 | EPSS 0.00334
Exploits: 1 | References: 1

OSV
added 2024/05/30 4:15 p.m. | 1 views

CVE-2024-35356

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=saveitem. Manipulating the argument id can result in SQL injection...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 1

Positive Technologies
added 2024/05/30 12:0 a.m. | 3 views

PT-2024-26458 · Unknown · Diño Physics School Assistant

Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Master.php?f=view item. Manipulating the argument id can result in SQL injection...

CVSS 9.8 | AI score 7.4 | EPSS 0.00164
Exploits: 1 | References: 3

Positive Technologies
added 2023/05/14 12:0 a.m. | 3 views

PT-2023-20885 · Sourcecodester · Sourcecodester Lost/Found Information System

Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical vulnerability was found in the SourceCodester Lost and Found Information System. The issue affects an unknown functionality of the file...

CVSS 9.8 | AI score 7.1 | EPSS 0.00316
Exploits: 1 | References: 6

OSV
added 2022/08/25 10:15 p.m. | 1 views

CVE-2022-36693

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteitem...

CVSS 9.8 | AI score 5.8 | EPSS 0.00334
Exploits: 1 | References: 1

ATTACKERKB
added 2022/08/25 9:15 p.m. | 1 views

CVE-2022-36700

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manageitem.php...

CVSS 8.8 | AI score 7.4 | EPSS 0.00325
Exploits: 1 | References: 2

OSV
added 2022/08/25 9:15 p.m. | 5 views

CVE-2022-36701

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/viewitem.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits: 1 | References: 1

ATTACKERKB
added 2022/04/21 8:15 p.m. | 1 views

CVE-2022-28022

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...

CVSS 9.8 | AI score 7.3 | EPSS 0.08554
Exploits: 1 | References: 2