52 matches found
EUVD-2019-19804
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25522 XooGallery Latest Multiple SQL Injections via photo.php
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
EUVD-2008-4329
Malware in sbrugna...
EUVD-2010-1371
Malware in sbrugna...
EUVD-2012-4226
Malware in sbrugna...
EUVD-2024-16785
Malicious code in bioql PyPI...
EUVD-2022-42812
Malicious code in bioql PyPI...
PT-2025-28405 · Unknown · Code-Projects E-Commerce Website
Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Site version 1.0 Description: A critical issue has been found in the code-projects E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the photo argument leads to...
CVE-2025-6843 code-projects Simple Photo Gallery upload-photo.php unrestricted upload
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument fileimg leads to unrestricted upload. It is possible to launch the attack remotely. The exploit...
CVE-2025-3765 SourceCodester Web-based Pharmacy Product Management System edit-photo.php unrestricted upload
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack may be...
CVE-2024-4500 SourceCodester Prison Management System edit-photo.php unrestricted upload
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Employee/edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack can be initiated remotely...
DerbyNet photo.php script cross-site scripting vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet photo.php script due to improper validation of user-supplied input in the photo.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
CVE-2024-30921
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component...
CVE-2024-30921
CVE-2024-30921 affects DerbyNet v9.0 and earlier. A cross-site scripting (XSS) vulnerability in the photo.php component allows a remote attacker to execute arbitrary code via crafted requests/URLs. Exploitation appears possible without authentication (remote vector) and can impact user sessions t...
DerbyNet security vulnerability
DerbyNet is a simple code for a match broadcasting program. A cross-site scripting vulnerability exists in the DerbyNet photo.php script due to improper validation of user-supplied input in the photo.php script. An attacker could use this vulnerability to steal the victim's cookie-based...
CVE-2024-3436 SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack c...
Unrestricted file upload
Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component...
CVE-2024-1008 SourceCodester Employee Management System Profile Page edit-photo.php unrestricted upload
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be...