72 matches found
CVE-2025-13580
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
EUVD-2025-198598
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-13580 code-projects Library System mail.php SQL injection
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
Code-Projects Library System SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...
EUVD-2008-0432
Malware in sbrugna...
EUVD-2006-1338
Malware in sbrugna...
EUVD-2006-5909
Malware in sbrugna...
EUVD-2005-3765
Malware in sbrugna...
EUVD-2009-1809
Malware in sbrugna...
CVE-2023-5305
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be...
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
CVE-2023-5305
CVE-2023-5305 affects Online Banquet Booking System 1.0, specifically the /mail.php in the Contact Us Page. The issue arises from improper handling of the message parameter, enabling cross-site scripting. The attack surface is remote, with no privileges required and user interaction required. Sev...
Remote Code Execution (RCE)
pimcore is vulnerable to remote code execution. The vulnerability exists in multiple functions of Mail.php and Text.php due to the user controlled twig template rendering which allows an attacker to inject and execute malicious query parameters to the server-side template...
WordPress 4.5.x < 4.5.28 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored Cross-Site Scripting (XSS) via wp-mail.php (post by email). - An open redirect in wp_nonce_ays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...
WP < 6.0.3 - Email Address Disclosure via wp-mail.php
Description: WordPress discloses the sender's email address via wp-mail.php...
WP < 6.0.3 - Stored XSS via wp-mail.php
Description: WordPress does not properly sanitize some parameters when receiving a post by email, which could lead to a Stored Cross-Site Scripting issue...
WordPress core <= 6.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability via wp-mail.php discovered by Toshitsugu Yoneyama (Mitsui Bussan Secure Directions, Inc. via JPCERT) in WordPress core (versions <= 6.0.2). Solution: Update WordPress to the latest available version (at least 6.0.3)...
WordPress core <= 6.0.2 - Sender’s Email Address Exposure vulnerability
Sender’s Email Address Exposure vulnerability via wp-mail.php was discovered by Toshitsugu Yoneyama (Mitsui Bussan Secure Directions, Inc. via JPCERT) in WordPress core (versions <= 6.0.2). Solution: Update WordPress to the latest available version (at least 6.0.3)...