7 matches found
EUVD-2026-25988
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Manipulating the argument ID results in SQL injection. The attack may be initiated remotely. The exploit has been...
CVE-2022-44279
Garage Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) via /garage/phpaction/createBrand.php...
PT-2024-25114 · Thinksaas · Thinksaas
Name of the Vulnerable Software and Affected Versions: ThinkSAAS version 3.7.0. Description: A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter...
SQL injection
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /phpaction/fetchSelectedfood.php...
Code injection
Garage Management System v1.0 is vulnerable to arbitrary code execution via ip/garage/phpaction/editProductImage.php?id=1...
CVE-2022-38877
Garage Management System v1.0 is vulnerable to arbitrary code execution via ip/garage/phpaction/editProductImage.php?id=1...
CVE-2018-8967
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...