CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

CVE-2026-5636

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-5636 PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-5636

CVE-2026-5636 affects PHPGurukul Online Shopping Portal Project 2.1, specifically an issue in the Parameter Handler for the /cancelorder.php endpoint. Manipulation of the argument oid enables SQL injection, with remote exploitation possible. The description notes that an exploit has been made pub...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “oid” in the...

PT-2026-30581

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2025-65647

Insecure Direct Object Reference IDOR in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter...

EUVD-2012-4014

Malware in sbrugna...

CVE-2025-6437

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVE-2008-0846

SQL injection vulnerability in index.php in the comprofile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter...

Chicheng JFLow 访问控制错误漏洞

Chicheng JFLow is a workflow engine form from China Chicheng Chicheng. An access control error vulnerability exists in Chicheng JFLow version 2.0.0, which stems from a parameter oid in file /WF/Ath/EntityMutliFileLoad.do that can lead to improper access control...

PT-2023-16711 · Sourcecodester · Sourcecodester Online Pet Shop We App

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pet Shop We App version 1.0 Description: A vulnerability has been found in the SourceCodester Online Pet Shop We App, affecting the file /pet shop/admin/orders/update status.php. The manipulation of the oid argument with...

CVE-2022-23336

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in memberpay.php via the Oid parameter...

DomainMod 4.09.03 Cross Site Scripting

Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longeri1/[email protected]/4 Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod Version:...

Design/Logic Flaw

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter...

CVE-2018-11403

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter...

CVE-2018-11403

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter...

CVE-2018-11403

CVE-2018-11403 affects DomainMod v4.09.03, with an XSS flaw in assets/edit/account-owner.php using the oid parameter. Root cause: insufficient input sanitization/execution of user-supplied oid enabling script injection. Impact: cross-site scripting in affected sessions; CVSS v3.0 base score 5.4 (...

WordPress Oturia Smart Google Code Inserter Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Oturia Smart Google Code Inserter plugin is used in one of the meta-tagging validation to add plug-ins. A SQL...

SQL Injection Vulnerability in VOA (Pengwei) System oid Parameters

Shenzhen Pengwei Information Technology Co., Ltd VOA collaborative office platform is a kind of asp development OA system. VOA Pengwei system oid parameters exist SQL injection vulnerability, the vulnerability URL is...