2592 matches found

CNNVD
added 2025/12/30 12:0 a.m., 3 views

Code-Projects Refugee Food Management System SQL Injection Vulnerability

Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from an incorrect manipulation of the parameters refNo, Fname, Lname, sex...

9.8 CVSS, 6.9 AI score, 0.00315 EPSS
Exploits 1, References 6

OSV
added 2025/12/29 8:15 p.m., 4 views

CVE-2024-25181

A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "filegetcontents" function within the "save.php" file...

9.1 CVSS, 7.1 AI score
Exploits 0, References 1

RedhatCVE
added 2025/12/29 3:58 p.m., 13 views

CVE-2025-15142

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and...

7.5 CVSS, 7.4 AI score, 0.00268 EPSS
Exploits 0, References 1

EUVD
added 2025/12/29 9:32 a.m., 4 views

EUVD-2025-205569

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...

7.5 CVSS, 6.5 AI score, 0.00322 EPSS
Exploits 0, References 6

Cvelist
added 2025/12/29 1:32 a.m., 29 views

CVE-2025-15166 itsourcecode Online Cake Ordering System updatesupplier.php sql injection

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...

7.5 CVSS, 0.00326 EPSS
Exploits 1, References 5

Positive Technologies
added 2025/12/28 12:0 a.m., 4 views

PT-2025-53660

Name of the Vulnerable Software and Affected Versions: dayrui XunRuiCMS versions up to 4.7.1. Description: A flaw exists in dayrui XunRuiCMS that allows for cross site scripting. The issue is located in the JSONP Callback Handler component, specifically within the dr show error/dr exit msg function ...

6.1 CVSS, 5.2 AI score, 0.0031 EPSS
Exploits 1, References 10

CNNVD
added 2025/12/28 12:0 a.m., 4 views

SyCms Code Injection Vulnerability

SyCms is a content management system for shanyu individual developers. A code injection vulnerability exists in SyCms; it stems from the incorrect operation of the function addPost in the file Application/Admin/Controller/FileManageController.class.php, which may lead to code injection...

5.8 CVSS, 5.5 AI score, 0.00244 EPSS
Exploits 0, References 5

Snyk
added 2025/12/23 11:2 p.m., 4 views

Command Injection

Overview: dreamfactory/df-core is a DreamFactory(tm) Core Components. Affected versions of this package are vulnerable to Command Injection via the saveZipFile function in the Components/Package/Package.php file. An attacker can execute arbitrary code in the context of the service account by supplyin...

8.6 CVSS, 7.3 AI score, 0.01373 EPSS
Exploits 0, References 2

CVE
added 2025/12/23 12:0 p.m., 8 views

CVE-2025-68546

CVE-2025-68546 describes an LFI (Local File Inclusion) vulnerability in the WordPress Nika theme (and related WordPress Nika plugin). The issue stems from improper control/filtration of filenames used with PHP include/require, allowing local file inclusion. Affected version range is up to and inc...

7.5 CVSS, 5.9 AI score, 0.00306 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/12/23 12:0 a.m., 5 views

PT-2025-52836

Name of the Vulnerable Software and Affected Versions: CMSimple XH version 1.7.4. Description: The software contains an authenticated remote code execution issue in the content editing functionality. Administrative users can upload malicious PHP files. Attackers with valid credentials can exploit th...

8.8 CVSS, 8 AI score, 0.00926 EPSS
Exploits 1, References 6

Positive Technologies
added 2025/12/22 12:0 a.m., 6 views

PT-2025-52708

Name of the Vulnerable Software and Affected Versions: WebTareas version 2.4. Description: WebTareas 2.4 has a file upload issue that permits authenticated users to upload malicious PHP files via the chat photo upload feature. An attacker can upload a PHP file containing arbitrary code to the...

8.8 CVSS, 7.8 AI score, 0.00409 EPSS
Exploits 1, References 10

RedhatCVE
added 2025/12/19 7:33 a.m., 6 views

CVE-2025-58937

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion. This issue affects Tacticool: from n/a through = 1.0.13...

8.1 CVSS, 7.1 AI score, 0.00415 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/12/19 7:33 a.m., 3 views

CVE-2025-49943

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion. This issue affects Femme: from n/a through = 1.3.11...

8.1 CVSS, 7.1 AI score, 0.00415 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/12/19 7:32 a.m., 5 views

CVE-2025-64373

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion. This issue affects Traveler: from n/a through 3.2.6...

8.1 CVSS, 7.1 AI score, 0.00337 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/12/19 7:32 a.m., 4 views

CVE-2025-53448

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion. This issue affects Rally: from n/a through = 1.1...

8.1 CVSS, 7.1 AI score, 0.00415 EPSS
Exploits 0, References 1

EUVD
added 2025/12/18 9:30 a.m., 3 views

EUVD-2025-204206

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Beautique beautique allows PHP Local File Inclusion. This issue affects Beautique: from n/a through = 1.5...

8.1 CVSS, 6.6 AI score, 0.00445 EPSS
Exploits 0, References 2

NVD
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-60047

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes IPharm ipharm allows PHP Local File Inclusion. This issue affects IPharm: from n/a through = 1.2.3...

8.1 CVSS, 0.00415 EPSS
Exploits 0, References 1

OSV
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-58935

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion. This issue affects Lunna: from n/a through = 1.15...

9.8 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits 0, References 1

NVD
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-58936

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Catamaran catamaran allows PHP Local File Inclusion. This issue affects Catamaran: from n/a through = 1.15...

8.1 CVSS, 0.00415 EPSS
Exploits 0, References 1

NVD
added 2025/12/18 8:15 a.m., 3 views

CVE-2025-58709

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion. This issue affects Legacy: from n/a through = 1.9...

8.1 CVSS, 0.00415 EPSS
Exploits 0, References 1