HAX operating system command injection vulnerability
HAX is an open-source microsite developed by HAX The Web, managed using PHP as the backend. Versions of HAX prior to 26.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from an authenticated file overwrite vulnerability, which could allow...
CVE-2022-31986
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/dailycourtrentalreport=...
EUVD-2006-5227
Malware in sbrugna...
EUVD-2023-50288
Malicious code in bioql PyPI...
CVE-2023-41530
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the appcontact parameter in appsearch.php...
CVE-2023-40992
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter...
CVE-2025-40685
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php...
The vulnerability of the UMI CMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to intercept the administrator’s session.
The vulnerability of the UMI CMS content management system is related to the lack of measures taken to protect the website’s structure. Operating the system may allow a malicious actor, operating remotely, to intercept the administrator’s session by performing XSS attacks using a specially crafte...
CVE-2025-5779 code-projects Patient Record Management System birthing.php sql injection
A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itrno/compid leads to sql injection. The attack can be launched...
CVE-2024-31063
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...
CVE-2024-50833
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters...
CVE-2024-50831
A SQL Injection was found in /admin/adminuser.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...
CVE-2022-4091
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument productname leads to cross site scripting. It is possible to initiate the attack remotely. The explo...
CVE-2025-4499
A vulnerability classified as critical was found in code-projects Simple Hospital Management System 1.0. Affected by this vulnerability is the function Add of the component Add Information. The manipulation of the argument xi.name/xi.disease leads to stack-based buffer overflow. The attack needs ...
PT-2025-18282 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0 Description: An HTML Injection issue was discovered in the normal-bwdates-reports-details.php file. This issue allows remote attackers to execute arbitrary code via the fromdate and todat...
CVE-2025-3959 withstars Books-Management-System reader_delete.html cross-site request forgery
A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /readerdelete.html. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploi...
CVE-2025-2832 mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery
A vulnerability was found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit...
CVE-2025-1164
CVE-2025-1164 affects code-projects’ Police FIR Record Management System 1.0, specifically the Add Record Handler component. A stack-based buffer overflow vulnerability has been reported, requiring local access to exploit. The linked PT-2025-6103 entry confirms the vulnerability scenario and note...
The vulnerability of the CMS system Netcat, related to the lack of restrictions on file downloads, allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the CMS system Netcat is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...