PT-2025-39121
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0. Description: A security issue exists in code-projects Online Bidding System 1.0. Manipulation of the ID argument in the file '/administrator/weweee.php' can lead to SQL injection. The attack can b...
CSZCMS security vulnerability
CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows managing all content and settings of a website. A security vulnerability exists in CSZCMS version 1.3.0, which stems from unauthenticated input reaching the execSql function in the Upgrade.php file, which could...
CVE-2025-29084
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...
CVE-2025-10813 code-projects Hostel Management System index.php sql injection
A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/modreports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...
WordPress plugin Easy Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
WordPress plugin immonex Kickstart Team security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
MCIR
The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting (XSS), and shell...
CVE-2025-10688
SourceCodester Pet Grooming Management Software v1.0 contains a SQL injection vulnerability in /admin/operation/paid.php, triggered by manipulating the insta_amt parameter (and possibly inv_no). The flaw allows remote exploitation, and public exploitation information exists. Affected component is...
PT-2025-38295
Name of the Vulnerable Software and Affected Versions: wangchenyi1996 chat forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. Description: A flaw exists in wangchenyi1996 chat forum, potentially allowing for cross site scripting. The issue is related to the manipulation of the path argument withi...
PT-2025-38221
Name of the Vulnerable Software and Affected Versions: kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 Description: A vulnerability exists in kidaze CourseSelectionSystem. The issue involves SQL injection caused by manipulation of the cname argument in the...
i-Educar code injection vulnerability
i-Educar is free and open source educational software by Portábilis. A code injection vulnerability exists in i-Educar 2.10 and earlier versions, which stems from improper handling of the parameter abreviatura/tipoacao in the file /intranet/educarfuncaocad.php, which could lead to a cross-site scriptin...
CVE-2025-10563 Campcodes Grocery Sales and Inventory System ajax.php sql injection
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=savecategory. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
CVE-2025-10329
A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...
CVE-2025-10410
A security vulnerability has been detected in SourceCodester Link Status Checker 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument proxy leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed...
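The two entries above are both server-side request forgery through a caller-controlled URL (the `url` and `proxy` arguments). The check below is an added example, not code from cdevroe/unmark or the SourceCodester Link Status Checker: it validates a URL before the server fetches it, with the DNS resolver passed in as a callable so the demo runs offline against constructed answers. It assumes PHP 7.4+ and uses only `parse_url` and `filter_var`; the `resolvePublicTarget` name, the sample hostnames and the DNS answers are all made up for the demonstration.

```php
<?php
// Added example (not the vulnerable projects' code). Validates an outbound URL
// and returns the one IP address the fetch must connect to; the caller should
// pin the connection to that address so a second lookup cannot differ.

function resolvePublicTarget(string $url, callable $resolve): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('URL must include a scheme and host');
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('scheme not allowed: ' . $parts['scheme']);
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('credentials in URL not allowed');
    }
    $host = strtolower(trim($parts['host'], '[]'));   // strip IPv6 brackets

    // A literal IP is checked as-is; a hostname goes through the injected resolver.
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolve($host);
    if (!$addresses) {
        throw new InvalidArgumentException('host does not resolve: ' . $host);
    }
    // Every answer must be public: one private, loopback or link-local record
    // among several is enough to reach an internal service or cloud metadata.
    foreach ($addresses as $ip) {
        $public = filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
        if ($public === false) {
            throw new InvalidArgumentException("$host resolves to non-public address $ip");
        }
    }
    return $addresses[0];
}

// Constructed DNS answers standing in for gethostbynamel() so this runs offline.
$fakeDns = [
    'example.org'     => ['93.184.216.34'],
    'intranet.local'  => ['10.0.0.5'],
    'rebind.attacker' => ['93.184.216.34', '127.0.0.1'],   // mixed public/loopback answer
];
$resolve = fn(string $h): array => $fakeDns[$h] ?? [];

$candidates = [
    'https://example.org/page',
    'http://intranet.local/admin',
    'http://169.254.169.254/latest/meta-data/',
    'http://rebind.attacker/',
    'http://[::1]/',
    'file:///etc/passwd',
];
foreach ($candidates as $candidate) {
    try {
        echo "ALLOW $candidate -> ", resolvePublicTarget($candidate, $resolve), "\n";
    } catch (InvalidArgumentException $e) {
        echo "BLOCK $candidate: ", $e->getMessage(), "\n";
    }
}
```

In production, pass `'gethostbynamel'` (or a resolver that also returns AAAA records) as `$resolve`, connect to the returned address rather than the hostname (with curl, `CURLOPT_RESOLVE` pins `host:port:ip`), and disable `CURLOPT_FOLLOWLOCATION` so each redirect target goes back through the same check. `FILTER_FLAG_NO_RES_RANGE` does not cover every internal range you may care about (for example 100.64.0.0/10), so extend the check with your own denylist where needed.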
SourceCodester Student Grading System SQL injection vulnerability
SourceCodester Student Grading System is an open source student grading system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Student Grading System version 1.0, which stems from improper handling of the parameter fname in the file /rms.php, which could lead t...
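Most of the entries above (Online Bidding System, CSZ-CMS, Hostel Management System, Pet Grooming Management Software, CourseSelectionSystem, Grocery Sales and Inventory System, Student Grading System) share one root cause: a request parameter interpolated into SQL text. The block below is an added example, not code from any of those projects; it puts the injectable pattern next to the PDO prepared-statement form and runs both against the same constructed payload. It assumes PHP with the bundled pdo_sqlite driver, and the table, rows, function names and payload are all constructed for the demonstration.

```php
<?php
// Added example (not any listed project's code). Contrasts a string-built query
// over an "ID" parameter with a bound parameter, using in-memory SQLite so it
// runs offline. The table and rows are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fname TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (fname, is_admin) VALUES ('alice', 0), ('bob', 1)");

// Vulnerable pattern: the parameter becomes part of the SQL text, so a quote in
// it ends the literal and the rest is parsed as SQL.
function findUserVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT id, fname, is_admin FROM users WHERE id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed at prepare time and the parameter is
// sent separately, so it can only ever be compared as a value.
function findUserHardened(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, fname, is_admin FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed payload of the shape the advisories describe for an ID argument:
// it closes the quoted literal and appends a tautology.
$payload = "1' OR '1'='1";

$leaked = findUserVulnerable($db, $payload);
$safe   = findUserHardened($db, $payload);

printf("vulnerable query returned %d row(s)\n", count($leaked));
foreach ($leaked as $row) {
    printf("  id=%d fname=%s is_admin=%d\n", $row['id'], $row['fname'], $row['is_admin']);
}
printf("hardened query returned %d row(s)\n", count($safe));
```

Against the tautology payload the string-built query matches every row in the table, while the prepared statement looks for a user whose id equals the literal string and matches none. The same applies to the `fname`, `cname`, `insta_amt` and `Home` parameters named in the entries above: bind them, and additionally cast numeric identifiers to `int` before use so an unexpected string never reaches the query at all.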
CVE-2025-10366
A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...
CVE-2025-10326
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2017-7887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. CVE-2017-7887 Note that Nessus relies on the presence of the package as reported...
GHSA-VGMM-27FC-VMGP Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
Summary In Maho 25.7.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user can use the field to upload malicious PHP files, gaini...
CVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user ca...
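The two Maho entries describe an upload path whose allowed extensions were left to the person configuring the custom option. The block below is an added example, not Maho's code: a server-side check that enforces its own allowlist of extensions, refuses any name carrying a PHP-executable extension anywhere in it, confirms the file content against the claimed type with `finfo`, and stores the file under a random name. It assumes PHP 7.1+ with the bundled fileinfo extension; the constants, the `acceptUpload` name and the two constructed sample files are made up for the demonstration.

```php
<?php
// Added example (not Maho's code). Allowlist-based upload validation that the
// product's own option configuration cannot widen.

// Accepted extensions and the MIME type the file bytes must actually have.
const ALLOWED_UPLOADS = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'pdf'  => 'application/pdf',
];
// Extensions a PHP web server may execute if they appear anywhere in the name
// (e.g. Apache AddHandler configurations treat "x.php.png" as PHP).
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'pht'];

/**
 * Validates an upload and returns the random server-side filename to store it as.
 * $tmpPath is the temporary file (in a real handler, $_FILES['x']['tmp_name']).
 */
function acceptUpload(string $clientName, string $tmpPath): string
{
    $name  = strtolower(basename($clientName));
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        throw new RuntimeException("rejected '$clientName': no usable extension");
    }
    $extensions = array_slice($parts, 1);   // every component after the base name
    foreach ($extensions as $ext) {
        if (in_array($ext, EXECUTABLE_EXTENSIONS, true)) {
            throw new RuntimeException("rejected '$clientName': executable extension '$ext'");
        }
    }
    $ext = end($extensions);
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        throw new RuntimeException("rejected '$clientName': extension '$ext' not in allowlist");
    }
    // Check the bytes, not only the name: both are client-controlled, but a file
    // whose content is not the claimed type should not be kept either.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        throw new RuntimeException("rejected '$clientName': content is $mime, expected " . ALLOWED_UPLOADS[$ext]);
    }
    // Never reuse the client's name: random name plus the verified extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample files so the check can be exercised offline.
$pngPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($pngPath,
    "\x89PNG\r\n\x1a\n" .                                       // PNG signature
    "\x00\x00\x00\x0dIHDR" .                                     // IHDR chunk header
    "\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00" .     // 1x1, 8-bit RGB
    "\x90\x77\x53\xde");                                         // IHDR CRC
$phpPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($phpPath, "<?php system(\$_GET['c']);");

$attempts = [
    ['photo.png',     $pngPath],   // accepted
    ['photo.PNG',     $pngPath],   // accepted, case-normalised
    ['shell.php',     $phpPath],   // executable extension
    ['shell.php.png', $pngPath],   // executable extension hidden before a safe one
    ['photo.png',     $phpPath],   // safe name, PHP content
    ['.htaccess',     $pngPath],   // no base name
];
foreach ($attempts as [$clientName, $path]) {
    try {
        printf("ACCEPT %-15s stored as %s\n", $clientName, acceptUpload($clientName, $path));
    } catch (RuntimeException $e) {
        echo 'BLOCK  ', $e->getMessage(), "\n";
    }
}
unlink($pngPath);
unlink($phpPath);
```

In a real handler, move the validated file with `move_uploaded_file()` to a directory outside the web root (or one where script execution is disabled) under the returned name, and serve it back through a download endpoint rather than by path. The point relative to the advisory is that the extension policy lives in code the staff user cannot edit, so a custom option configured to accept `.php` still cannot get a PHP file onto disk.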