74 matches found
CVE-2026-12046
CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...
CVE-2026-10225
A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...
EUVD-2026-33558
A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...
CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection
A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...
CVE-2026-10225
The CVE describes a SQL injection in the raisulislamg4 student_management_system_by_php, affecting the Login component via login_check.php when manipulating the Username argument. The issue is exploitable remotely over a NETWORK attack vector with LOW attack complexity and NO privileges required,...
CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection
A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...
CVE-2026-10225
A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...
CVE-2026-45620
Technical details for CVE-2026-45620 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2026-45620
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...
GHSA-VPFX-PXQW-2W79 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
CVE-2026-43881 fix d9cdc7024 patched users.json.php only. The same anti-pattern survives at master HEAD in: objects/mention.json.php:17 $ignoreAdmin = true; objects/mention.json.php:18 $users = User::getAllUsers$ignoreAdmin, 'name', 'email', 'user', 'channelName', 'a'; No User::loginCheck, no adm...
CVE-2026-6165
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-6165
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-6165
CVE-2026-6165 affects code-projects Vehicle Showroom Management System 1.0. The vulnerability resides in an unknown code path within /util/Login_check.php, where manipulating the argument ID can trigger SQL injection. Attacks can be launched remotely, and the exploit is publicly available (POC). ...
CVE-2026-6165 code-projects Vehicle Showroom Management System Login_check.php sql injection
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-6165
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Logincheck.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...
PT-2026-32276
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...
Code-Projects Vehicle Showroom Management System SQL注入漏洞
Code-Projects Vehicle Showroom Management System is an open-source automotive showroom management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...
BIT-JOOMLA-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...
CVE-2026-21629
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...