Lucene search
K

4705 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.5 views

CVE-2026-39613

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

5.9AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39538 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through = 1.6...

5.8AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.6 views

WordPress plugin OrganicFood 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 10:51 a.m.3 views

CVE-2026-5642

A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper authorization. It ...

7.5CVSS5.6AI score0.00284EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 12:32 p.m.3 views

EUVD-2026-19221

A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely...

7.5CVSS6.9AI score0.00274EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 9:16 a.m.8 views

CVE-2026-5639

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

6.5CVSS0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Car Rental System SQL注入漏洞

Car Rental System is a car rental system developed by AMEY THAKUR, an individual developer in India. Version 1.0 of Car Rental System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the mpesa parameter in the pay.php file, which may lead to SQL injection...

7.5CVSS7.2AI score0.00274EPSS
Exploits0References4
CVE
CVE
added 2026/04/05 9:15 a.m.8 views

CVE-2026-5555

The CVE-2026-5555 entry concerns code-projects Concert Ticket Reservation System 1.0, specifically an issue in the login.php file under the Parameter Handler. The vulnerability stems from manipulating the Email argument, enabling SQL injection. It is described as exploitable remotely and with a p...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/30 6:31 p.m.4 views

EUVD-2026-17135

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

6AI score0.00252EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.3 views

CVE-2026-27048

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through = 2.0.5...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.2 views

CVE-2026-22502

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through = 1.1.9...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 3:30 p.m.6 views

EUVD-2026-16195

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3CVSS4.3AI score0.00269EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-32401

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...

7.2CVSS5.8AI score0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 2:31 a.m.2 views

CVE-2026-4838 SourceCodester Malawi Online Market display.php sql injection

A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be us...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/25 9:56 p.m.9 views

AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter

Summary The Subscribe::save method in objects/subscribe.php concatenates the $this-usersid property directly into an INSERT SQL query without sanitization or parameterized binding. This property originates from $POST'userid' in both subscribe.json.php and subscribeNotify.json.php. An authenticate...

7.1CVSS6.1AI score0.00224EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15738

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through = 2.1...

5.8AI score0.00403EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25380

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through 2.1.5...

8.1CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.6 views

CVE-2026-22516

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...

8.1CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-22503

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through = 1.2.0...

8.1CVSS0.00504EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-22495

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...

8.1CVSS0.00504EPSS
Exploits0References1
Rows per page
Query Builder