13 matches found
CVE-2026-2895 funadmin Member.php repass password recovery
A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the argument forgetcode/vercode results in weak password recovery. Remote exploitation of the attack is...
FunAdmin 授权问题漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin prior to 7.1.0-rc4 contained authorization-related vulnerabilities. These vulnerabilities stemmed from incorrect handling of the forgetcode/vercode parameters in the...
CVE-2023-4846
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file deletemember.php. The manipulation of the argument memid leads to sql injection. The attack may be initiated remotely. The exploit has be...
PT-2025-49501
Name of the Vulnerable Software and Affected Versions projectworlds Advanced Library Management System version 1.0 Description A security issue exists in projectworlds Advanced Library Management System. Manipulation of the user id argument in the /delete member.php file, through an unknown...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
EUVD-2019-17808
Malware in sbrugna...
CVE-2025-39570
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affects WPCOM Member: from n/a through = 1.7.7...
CVE-2025-0541
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/editmember.php. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has...
CVE-2024-6652
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file managemember.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2023-4846
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file deletemember.php. The manipulation of the argument memid leads to sql injection. The attack may be initiated remotely. The exploit has be...
CVE-2017-6574
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: filterlist...
CVE-2004-1863
Multiple cross-site scripting XSS vulnerabilities in XMB aka extreme message board 1.9 beta aka Nexus beta allow remote attackers to inject arbitrary web script or HTML via 1 the u2uheader parameter in editprofile.php, the restrict parameter in 2 member.php, 3 misc.php, and 4 today.php, and 5 an...
XMB < 1.8 SP1 member.php SQL Injection
Binary data 1546.prm...