14 matches found
CVE-2026-37597
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. The root cause is unsafe SQL query handling, enabling potential data leakage or modification. The CVSS metrics indicate a low severity (Base ...
CVE-2025-14710
The connected Red Hat/CVE and NVD entries confirm CVE-2025-14710 affects FantasticLBP Hotels Server, specifically a SQL injection in /controller/api/OrderList.php via the telephone parameter. Exploitation is remote and publicly available, with the issue tied to a rolling-release deployment where ...
Linux Distros Unpatched Vulnerability : CVE-2017-7887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. CVE-2017-7887 Note that Nessus relies on the presence of the package as reported...
CVE-2025-9700
The CVE-2025-9700 entry concerns SourceCodester Online Book Store 1.0 where the /publisher_list.php endpoint processes the pubid parameter unsafely, enabling SQL injection. Several trusted sources corroborate a remote-executable SQL injection vulnerability stemming from incorrect handling of pubi...
CVE-2024-9573
SQL injection vulnerability in SOPlanning 1.45, through /soplanning/www/groupelist.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server...
CVE-2024-7924
A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
Dolibarr ERP/CRM SQL Injection Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in Dolibarr ERP/CRM versi...
twmap Cross-Site Scripting Vulnerability
Twmap is a Taiwan map-related document/code for China. twmap is vulnerable to a cross-site scripting vulnerability that originates in the file list.php, where the exit function will terminate the script and print a message to the user. No detailed vulnerability details are currently available...
SQL Injection Vulnerability in Hongyu Multi-User Mall System scan_list.php Page
Hongyu multi-user mall system is a B2B2C new retail e-commerce system. A SQL injection vulnerability exists in the scli.php page of Hongyu Multi-User Mall System, which can be exploited by attackers to obtain sensitive information...
CVE-2019-13076
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...
CVE-2018-18792
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zslist.php via a pxzs cookie...
Dolibarr ERP/CRM on/list.php File SQL Injection Vulnerability
Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM), as well as applications for other different activities. A SQL...
UBUNTU-CVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
phplist: cross site request forgery (CSRF), CVE-2011-0748
References: https://vulners.com/cve/CVE-2011-2748 http://int21.de/cve/CVE-2011-0748-phplist.html Description: phplist is mailing list software written in PHP. Up to version 2.10.12, it provided no protection against cross site request forger...