24 matches found
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
Student File Management System login_query.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /admin/login_query.php. An...
Student File Management System stud_no Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file loginquery.php. An attacker can...
CVE-2025-14620
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...
EUVD-2025-203267
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...
EUVD-2025-203265
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14620 code-projects Student File Management System login_query.php sql injection
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit h...
CVE-2025-14620
CVE-2025-14620 affects code-projects Student File Management System 1.0. The vulnerability resides in the /admin/login_query.php component, where manipulation of the Username parameter enables SQL injection. The issue appears to be exploitable remotely, and publicly disclosed exploit details exis...
code-projects Student File Management System SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /admin/login_query.php. An...
PT-2025-51127
Name of the Vulnerable Software and Affected Versions: code-projects Student File Management System version 1.0. Description: A flaw exists in the Student File Management System that allows for remote SQL injection. The issue is located in the login_query.php file, specifically through manipulation ...
Code-Projects Student File Management System SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file loginquery.php. An attacker can...
EUVD-2025-26306
Malicious code in bioql PyPI...
CVE-2025-8877
The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajaxgetaffiliateidfromlogin function in all versions up to, and including, 2.28.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9741
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...
CVE-2025-9741
Summary: CVE-2025-9741 affects code-projects Human Resource Integrated System 1.0, specifically the /login_query12.php file. The issue is a SQL injection caused by lack of validation of the ID parameter in that file. An attacker can remotely exploit this vulnerability, and a public exploit exists...
CVE-2017-11175
In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login...
ZoneMinder Cross-Site Scripting Vulnerability
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras and more. ZoneMinder version 1.30.2 contains a cross-site scripting vulnerability. The vulnerability stems from ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php URL fails to...
DEBIAN-CVE-2017-7203
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...
UBUNTU-CVE-2017-7203
A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...