PT-2026-40615
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files
The goodoneuz/pay-uz Laravel package <= 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
CVE-2026-31843
This CVE affects the Laravel package goodoneuz/pay-uz (version
PT-2026-33312
Name of the Vulnerable Software and Affected Versions: pay-uz versions prior to 2.2.25 Description: The pay-uz Laravel package contains a flaw in the '/payment/api/editable/update' endpoint. This endpoint is exposed via Route::any without authentication middleware, allowing unauthenticated remote...
CVE-2025-13273
Campcodes School Fees Payment Management System 1.0 is affected by CVE-2025-13273 due to a SQL injection in the /ajax.php?action=delete_payment endpoint caused by unsafely manipulated ID parameters. Remote exploitation is possible, and an exploit has been publicly released. The issue is corrobora...
CVE-2025-13269
A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=savepayment. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-13269
The CVE-2025-13269 entry affects Campcodes School Fees Payment Management System 1.0. A SQL injection vulnerability exists in the /ajax.php?action=save_payment handler, triggered by manipulating the ID parameter. Reports across CNVD, Red Hat advisory, CNNVD, CIRCL, and others confirm a remote-att...
EUVD-2025-25865
Malicious code in bioql PyPI...
CVE-2025-10109 Campcodes Online Loan Management System ajax.php sql injection
A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=deletepayment. Manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been...
CVE-2025-9502
A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=savepayment. Manipulation of the argument loanid can lead to SQL injection. The attack may be launched remotely. The exploit has been made availab...
CVE-2025-9502
CVE-2025-9502 affects Campcodes Online Loan Management System v1.0. The vulnerability is an SQL injection in the function/file /ajax.php?action=save_payment (and variations like /ajax.php?action=save payment) caused by manipulation of the loan_id parameter. Attacks can be launched remotely and, p...
CVE-2022-41515
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/ajax.php?action=deletepayment...
CVE-2025-0744
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change their subscription plan without paying by making a POST request that changes the parameters of the "/demos/embedai/pmtcashondelivery/pay" endpoint...
PT-2023-25706 · Sealos · Sealos
Name of the Vulnerable Software and Affected Versions: Sealos versions 4.2.0 and prior Description: Sealos, a Cloud Operating System for managing cloud-native applications, has a permission flaw in its billing system. This flaw allows users to control the recharge resource account via the...
PT-2022-26283 · Unknown · Open Source Sacco Management System
Name of the Vulnerable Software and Affected Versions: Open Source SACCO Management System version 1.0 Description: The issue concerns SQL Injection, which can be exploited via the "/sacco shield/manage payment.php" API endpoint. Recommendations: For Open Source SACCO Management System version 1....
Open Source SACCO Management System SQL injection vulnerability
Open Source SACCO Management System is an open source SACCO management system by Mayuri K., an individual developer. An SQL injection vulnerability exists in Open Source SACCO Management System v1.0, which originates from a security issue with the id parameter of...
PT-2022-25903 · Unknown · Open Source Sacco Management System
Name of the Vulnerable Software and Affected Versions: Open Source SACCO Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the id parameter at the "/sacco shield/ajax.php?action=delete payment" API endpoint. Recommendations:...
PT-2022-25197 · Unknown · Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: Online Tours & Travels Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/tour/admin/update payment.php" API endpoint...