Code-Projects Hotel and Tourism Reservation System SQL注入漏洞

Code-Projects Hotel and Tourism Reservation System is an open-source hotel and tourism reservation system developed by Code-Projects. Version 1.0 of the Code-Projects Hotel and Tourism Reservation System has a SQL injection vulnerability. This vulnerability arises from improper handling of the ro...

CollegeManagementSystem 代码注入漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. CollegeManagementSystem has a code injection vulnerability. This vulnerability stems from improper handling of the departmentname parameter in the...

SourceCodester Ship Ferry Ticket Reservation System 授权问题漏洞

The SourceCodester Ship Ferry Ticket Reservation System is an open-source booking system developed by SourceCodester. Version 1.0 of the SourceCodester Ship Ferry Ticket Reservation System has a vulnerability related to authorization issues. This vulnerability arises from improper handling of the...

WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Google Dork: N/A Date: 2026-06-02 Exploit Author: cardosource Vendor Homepage: https://contest-gallery.com/ Software Link: https://wordpress.org/plugins/contest-gallery/ Version: getrow without proper...

PT-2026-46949

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...

PT-2026-47055

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack overflow exists in the fromDhcpListClient function. This occurs when processing the page parameter via a crafted HTTP request, which can lead to a Denial of Service DoS, a condition where the...

D-Link DWR-M920 命令注入漏洞

The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a command injection vulnerability. This vulnerability stemmed from improper handling of the ussdValue parameter in the sub41CF20 function found in the /boafrm/formUSSDSetup...

📄 WordPress Contest Gallery 28.1.4 SQL Injection

WordPress Contest Gallery plugin versions 28.1.4 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Tested on: Docker - PHP 8.2/Apache + MariaDB WordPress Environment CVE: 2026-3180 """ Description A...

PT-2026-46931

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

SourceCodester Ship Ferry Ticket Reservation SQL注入漏洞

SourceCodester Ship Ferry Ticket Reservation is an open-source ticket reservation service developed by SourceCodester. Versions of SourceCodester Ship Ferry Ticket Reservation prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Username...

CVE-2026-10877 SourceCodester Ship Ferry Ticket Reservation System Admin Login login.php sql injection

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

CVE-2026-10875 projectworlds Online Art Gallery Shop Project adminHome.ph sql injection

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-10874 projectworlds Online Art Gallery Shop Project adminHome.php sql injection

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination

Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

GHSA-HGJH-6WJ8-GCGF WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination

Unauthenticated Reflected XSS via $GET'search' in AVideo YouTubeAPI Gallery Pagination Summary A reflected Cross-Site Scripting vulnerability CWE-79 in the AVideo YouTubeAPI plugin allows any unauthenticated attacker to execute arbitrary JavaScript in a victim's browser session when the victim...

CVE-2026-10815

A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

CVE-2026-10863

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

CVE-2026-10809

A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manageuser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...