2592 matches found

RedhatCVE
added 2026/01/09 9:34 a.m. | 8 views

CVE-2024-41444

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so...

9.8 CVSS | 9.8 AI score | 0.00494 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:34 a.m. | 9 views

CVE-2024-41351

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor123/php/getContent.php...

6.1 CVSS | 6.1 AI score | 0.00329 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 9:28 a.m. | 6 views

CVE-2023-49715

An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP...

8.8 CVSS | 7.6 AI score | 0.01367 EPSS
Exploits 1 | References 1

NVD
added 2026/01/08 10:15 a.m. | 3 views

CVE-2025-14430

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion. This issue affects Brook: from n/a through = 2.9.0...

8.1 CVSS | 0.00403 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:49 a.m. | 8 views

CVE-2022-27352

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS | 8.2 AI score | 0.02399 EPSS
Exploits 3 | References 1

RedhatCVE
added 2026/01/07 9:49 a.m. | 7 views

CVE-2022-27064

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploadedsongs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS | 8.2 AI score | 0.02399 EPSS
Exploits 3 | References 1

RedhatCVE
added 2026/01/07 9:49 a.m. | 9 views

CVE-2022-27357

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customerregister.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

9.8 CVSS | 8.2 AI score | 0.03238 EPSS
Exploits 3 | References 1

CNNVD
added 2026/01/07 12:0 a.m. | 3 views

WordPress plugin Gecko security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

8.1 CVSS | 6.5 AI score | 0.00412 EPSS
Exploits 0 | References 1

NVD
added 2026/01/06 5:15 p.m. | 8 views

CVE-2025-69356

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion. This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5 CVSS | 0.00331 EPSS
Exploits 0 | References 1

CNNVD
added 2026/01/06 12:0 a.m. | 4 views

WordPress plugin Calafate security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

7.5 CVSS | 6.6 AI score | 0.00325 EPSS
Exploits 0 | References 1

CNNVD
added 2026/01/06 12:0 a.m. | 4 views

WordPress plugin TheGem Theme Elements (for Elementor) security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

7.5 CVSS | 6.6 AI score | 0.00331 EPSS
Exploits 0 | References 1

NVD
added 2026/01/05 2:15 p.m. | 9 views

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to SQL injection. It is possible to launch t...

9.8 CVSS | 0.00315 EPSS
Exploits 1 | References 6

NVD
added 2026/01/05 1:15 p.m. | 6 views

CVE-2026-0590

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes SQL injection. It is possible to initiate th...

9.8 CVSS | 0.00315 EPSS
Exploits 1 | References 6

OSV
added 2026/01/05 11:17 a.m. | 2 views

CVE-2026-0586

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out...

6.1 CVSS | 4.2 AI score
Exploits 0 | References 6

Positive Technologies
added 2026/01/05 12:0 a.m. | 3 views

PT-2026-1259

Name of the Vulnerable Software and Affected Versions: jwsthemes FreeAgent versions through 2.1.2. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access and...

8.1 CVSS | 7.3 AI score | 0.00334 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/01/05 12:0 a.m. | 7 views

PT-2026-1278

Name of the Vulnerable Software and Affected Versions: code-projects Online Product Reservation System version 1.0. Description: A flaw exists in code-projects Online Product Reservation System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

9.8 CVSS | 7.5 AI score | 0.00315 EPSS
Exploits 1 | References 9

CNNVD
added 2026/01/02 12:0 a.m. | 5 views

EmpireSoft EmpireCMS code issue vulnerability

EmpireSoft EmpireCMS (Empire Content Management System) is an open source content management system (CMS) from EmpireSoft. A code issue vulnerability exists in EmpireSoft EmpireCMS version 8.0 and prior versions, which stems from an incorrect operation of the function CheckSaveTranFiletype in the fil...

8.8 CVSS | 6.7 AI score | 0.00314 EPSS
Exploits 1 | References 6

CNVD
added 2025/12/31 12:0 a.m. | 5 views

Student File Management System download.php File SQL Injection Vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System due to mishandling of the istoreid parameter by an unknown function module in the /download.php file. An attacker can use this vulnerability to obtain or tamp...

8.8 CVSS | 6.8 AI score | 0.00301 EPSS
Exploits 1 | References 1

EUVD
added 2025/12/30 12:30 p.m. | 2 views

EUVD-2025-205750

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion. This issue affects Aora: from n/a through = 1.3.15...

9.8 CVSS | 6.6 AI score | 0.00392 EPSS
Exploits 0 | References 2

CVE
added 2025/12/30 12:2 a.m. | 11 views

CVE-2025-15211

CVE-2025-15211 affects Code-Projects’ Refugee Food Management System 1.0. A SQL injection vulnerability exists in the file /home/refugee.php caused by manipulating input arguments (refNo, Fname, Lname, sex, age, contact, nationality_nid) passed to an unknown function. The issue is exploitable rem...

9.8 CVSS | 6.6 AI score | 0.00315 EPSS
Exploits 1 | References 5 | Affected Software 1