982 matches found
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...
CVE-2023-4987
A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/gettaskslist of the component GET Parameter Handler. The manipulation of the argument project/status/userid/sort/search leads to...
CVE-2025-1853
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated...
CVE-2026-0590
A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...
CVE-2026-0585
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /orderview.php of the component GET Parameter Handler. Such manipulation of the argument transactionid leads to sql injection. The attack can be executed...
CVE-2026-0579
A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prodid/name/price/model/serial results in sql injection. The atta...
EUVD-2026-0855
A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...
CVE-2026-0576
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
CVE-2026-0579
A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prodid/name/price/model/serial results in sql injection. The atta...
CVE-2026-0576
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
CVE-2026-0576
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
CVE-2026-0576
CVE-2026-0576 affects code-projects Online Product Reservation System 1.0, specifically the Parameter Handler’s /handgunner-administrator/prod.php. The vulnerability arises from manipulating the arguments cat/price/name/model/serial within that file, resulting in an SQL injection vulnerability. T...
CVE-2026-0576
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
CVE-2026-0576 code-projects Online Product Reservation System Parameter prod.php sql injection
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
CVE-2026-0576 code-projects Online Product Reservation System Parameter prod.php sql injection
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...
PT-2026-1191
Name of the Vulnerable Software and Affected Versions Online Product Reservation System version 1.0 Description A flaw exists in the POST Parameter Handler component of the software, specifically within the /handgunner-administrator/edit.php file. The prod id, name, price, model, and serial...
PT-2026-1186
Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A flaw exists in code-projects Online Product Reservation System 1.0, specifically within the Parameter Handler component. Manipulation of the cat/price/name/model/serial...
CVE-2025-15424
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agentworksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-15424
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agentworksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-15425 Yonyou KSOA HTTP GET Parameter del_user.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/deluser.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit ha...