CVE-2025-14227 Philipinho Simple-PHP-Blog edit.php sql injection
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...
PluckCMS 4.7.10 - Unrestricted File Upload
Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.10 Tested on: Windows CVE : CVE-2020-20969 Proof Of Concept GET...
Arbitrary Command Injection
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Ad management feature. An attacker can execute arbitrary code on the server by uploading a crafted PHP file, which is then executed due to insufficient...
EUVD-2025-200208
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...
CVE-2025-65657
CVE-2025-65657 affects FeehiCMS 2.1.1. A vulnerability in Ad Management allows authenticated remote attackers to upload files (e.g., crafted PHP) that the server may execute, causing remote code execution. The issue is tied to unrestricted file upload with insufficient validation. Exploitation de...
CVE-2025-13434
A weakness has been identified in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hush\hush-lib\hush\Util.php of the component HTTP Host Header Handler. This manipulation of the argument $_SERVER['HOST'] causes improper neutralization of http headers for scriptin...
PT-2025-47552
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...
EUVD-2025-197911
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...
Projectworlds Advanced Library Management System SQL Injection Vulnerability
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Summary: An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...
CVE-2024-44630
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country,...
Code-Projects Responsive Hotel Site SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...
FoxCMS Cross-Site Scripting Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A cross-site scripting vulnerability exists in FoxCMS 1.2.16 and earlier versions. The vulnerability stems from the Title parameter of the file app/admin/controller/Product.php on the user-provided data...
EUVD-2025-50830
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-63678
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...
Exploit for CVE-2025-12973
S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image G...
CVE-2025-12926
The vulnerability CVE-2025-12926 affects SourceCodester Farm Management System 1.0. The issue is in the /review.php file where manipulation of the pid parameter enables SQL injection, allowing Remote code execution of the attack. Public exploits have been reported, indicating practical impact is ...
CVE-2025-60194
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion. This issue affects Premmerce Product Search for WooCommerce: from n/a through ...
CVE-2025-12856 code-projects Responsive Hotel Site reservation.php sql injection
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...