CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...