
12 matches found

Positive Technologies
added 2026/06/13 12:0 a.m. · 20 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions: WP Ticket versions prior to 6.0.5. Description: The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

CVSS 7.5 · AI score 5.5 · EPSS 0.0051
Exploits 0 · References 10

CNNVD
added 2026/05/30 12:0 a.m. · 10 views

CicadasCMS Code Injection Vulnerability

CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability. This vulnerability stems from the Search method in the...

CVSS 5.3 · AI score 5.7 · EPSS 0.0028
Exploits 0 · References 6

RedhatCVE
added 2025/05/23 8:16 a.m. · 6 views

CVE-2024-12345

A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack o...

CVSS 6.7 · AI score 6.1 · EPSS 0.0024
Exploits 4 · References 1

CNNVD
added 2025/04/17 12:0 a.m. · 2 views

SourceCodester Phone Management System Security Vulnerability

SourceCodester Phone Management System is an open source phone management system from SourceCodester. A security vulnerability exists in SourceCodester Phone Management System version 1.0, which is caused by a buffer overflow in the Password Handler component's main function due to mishandling of...

CVSS 7.8 · AI score 5.9 · EPSS 0.00288
Exploits 1 · References 5

CNNVD
added 2025/01/27 12:0 a.m. · 5 views

INW Krbyyyzo Resource Management Error Vulnerability

INW Krbyyyzo is an application from INW USA. A resource management error vulnerability exists in INW Krbyyyzo version 25.2002, which stems from an incorrect operation of parameter s that can lead to resource consumption...

CVSS 6.7 · AI score 4.9 · EPSS 0.0024
Exploits 4 · References 2

OSV
added 2025/01/07 5:15 p.m. · 2 views

CVE-2025-0299

A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /searchresult.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

CVSS 9.8 · AI score 5.8 · EPSS 0.00558
Exploits 1 · References 5

CNNVD
added 2024/11/05 12:0 a.m. · 3 views

1000 Projects Bookstore Management System Security Vulnerability

1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. A security vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which stems from an incorrect manipulation of parameter s that can lead to SQL injection...

CVSS 9.8 · AI score 7.8 · EPSS 0.0089
Exploits 1 · References 4

OSV
added 2023/07/16 4:15 p.m. · 4 views

CVE-2023-3690

A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched...

CVSS 9.8 · AI score 5.6
Exploits 0 · References 2

OSV
added 2023/07/16 1:15 p.m. · 3 views

CVE-2023-3686

A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has been declared as critical. This vulnerability affects unknown code of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 5.7 · EPSS 0.00425
Exploits 0 · References 2

Positive Technologies
added 2023/07/16 12:0 a.m. · 6 views

PT-2023-25728 · Unknown · Bylancer Quickai Openai

Name of the Vulnerable Software and Affected Versions: Bylancer QuickAI OpenAI version 3.8.1 Description: A critical issue affects the GET Parameter Handler component, specifically the file /blog, where manipulation of the s argument leads to sql injection. This issue can be initiated remotely. T...

CVSS 9.8 · AI score 7.9 · EPSS 0.00425
Exploits 0 · References 5

Exploit DB
added 2022/01/07 12:0 a.m. · 387 views

Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

AI score 7.4
Exploits 0

CNVD
added 2017/12/15 12:0 a.m. · 2 views

FS IMDB Clone SQL Injection Vulnerability

FS IMDB Clone is a set of PHP-based scripts for online movie ticket booking websites. A SQL injection vulnerability exists in FS IMDB Clone version 1.0. The vulnerability can be exploited to inject SQL by sending the 'f' parameter to the movie.php file, the 's' parameter to the tvshow.php file, o...

CVSS 9.8 · AI score 8 · EPSS 0.02978
Exploits 1 · References 1