2593 matches found

CNNVD
added 2025/08/15 12:00 a.m. · 3 views

SourceCodester Online Bank Management System injection vulnerability

SourceCodester Online Bank Management System is a SourceCodester open source online bank management system. An injection vulnerability exists in SourceCodester Online Bank Management System 1.0 and earlier versions; the vulnerability stems from mishandling of the email parameter in the file /bank/transfer.php, lea...

CVSS 9.8 · AI score 7.7 · EPSS 0.00463
Exploits: 0 · References: 6

OSV
added 2025/08/14 4:15 p.m. · 2 views

CVE-2025-8966

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 5

CNNVD
added 2025/08/14 12:00 a.m. · 2 views

1000 Projects Sales Management System code injection vulnerability

1000 Projects Sales Management System is an open source sales management system from 1000 Projects. A code injection vulnerability exists in version 1.0 of the 1000 Projects Sales Management System, which originates from a cross-site scripting attack due to a misbehavior of the parameter salescat...

CVSS 6.1 · AI score 5 · EPSS 0.0038
Exploits: 1 · References: 5

CNNVD
added 2025/08/14 12:00 a.m. · 2 views

WordPress plugin WP REST Cache security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

CVSS 7.5 · AI score 6.5 · EPSS 0.00417
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/10 7:15 p.m. · 11 views

CVE-2012-10045

XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST...

CVSS 9.3 · AI score 8.1 · EPSS 0.01064
Exploits: 0 · References: 1

Cvelist
added 2025/08/08 6:10 p.m. · 12 views

CVE-2012-10047 Cyclope Employee Surveillance Solution v6.x SQL Injection

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...

CVSS 10 · EPSS 0.00865
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/08 12:00 a.m. · 6 views

PT-2025-32393 · Unknown · Projectpier

Name of the Vulnerable Software and Affected Versions: Project Pier versions 0.8.8 and earlier
Description: Project Pier is susceptible to an unauthenticated arbitrary file upload issue in the tools/upload file.php script. The upload process does not validate file types or require authentication,...

CVSS 9.3 · AI score 7.3 · EPSS 0.01511
Exploits: 0 · References: 8

Positive Technologies
added 2025/08/07 12:00 a.m. · 5 views

PT-2025-32286 · Unknown · Hospital Management System Version 4

Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4
Description: Hospital Management System version 4 is susceptible to a SQL injection due to insufficient input validation. The vulnerability exists in the /Hospital-Management-System-master/func.php file...

CVSS 6.5 · AI score 7.3 · EPSS 0.00204
Exploits: 0 · References: 6

Vulnrichment
added 2025/08/05 8:06 p.m. · 4 views

CVE-2012-10026 WordPress Plugin Asset-Manager <= 2.0 PHP File Upload

The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary...

CVSS 10 · AI score 7.8 · EPSS 0.01144
Exploits: 0 · References: 6

Cvelist
added 2025/08/05 4:32 a.m. · 10 views

CVE-2025-8545 Portabilis i-Educar educar_motivo_afastamento_cad.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nmmotivo leads to cross site scripting. The attack may be...

CVSS 4.8 · EPSS 0.0028
Exploits: 1 · References: 4

Positive Technologies
added 2025/08/05 12:00 a.m. · 4 views

PT-2025-31979

Name of the Vulnerable Software and Affected Versions: WP-Property versions prior to 1.36.0
Description: The WP-Property plugin for WordPress through version 1.35.0 contains a file upload issue in the uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory...

CVSS 9.3 · AI score 6.2 · EPSS 0.01624
Exploits: 0 · References: 9

Vulnrichment
added 2025/08/03 1:02 p.m. · 4 views

CVE-2025-8510 Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument refcodaluno leads to cross site scripting. It is possible to initiate the attack remotely. Th...

CVSS 5.1 · AI score 6.4 · EPSS 0.00261
Exploits: 1 · References: 6

OSV
added 2025/08/02 11:15 a.m. · 0 views

CVE-2025-8467

A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely...

CVSS 9.8 · AI score 5.8 · EPSS 0.00403
Exploits: 1 · References: 5

OSV
added 2025/07/31 8:15 a.m. · 2 views

CVE-2025-8372

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/updates7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit h...

CVSS 9.8 · AI score 5.8 · EPSS 0.00382
Exploits: 1 · References: 5

Cvelist
added 2025/07/31 7:02 a.m. · 8 views

CVE-2025-8371 code-projects Exam Form Submission update_s5.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. Th...

CVSS 7.5 · EPSS 0.00477
Exploits: 1 · References: 5

CNNVD
added 2025/07/28 12:00 a.m. · 4 views

Code-Projects Exam Form Submission injection vulnerability

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. An injection vulnerability exists in Code-Projects Exam Form Submission version 1.0, which originates from SQL injection due to incorrect manipulation of parameter credits in file /admin/updates4.php...

CVSS 9.8 · AI score 7.8 · EPSS 0.00459
Exploits: 1 · References: 6

NVD
added 2025/07/25 4:15 p.m. · 7 views

CVE-2014-125115

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhashdata parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...

CVSS 10 · EPSS 0.02083
Exploits: 0 · References: 5

RedhatCVE
added 2025/07/25 12:28 a.m. · 14 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

CVSS 7.1 · AI score 7.5 · EPSS 0.00505
Exploits: 1 · References: 1

NVD
added 2025/07/23 2:15 p.m. · 8 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

CVSS 7.2 · EPSS 0.00505
Exploits: 1 · References: 2

Vulnrichment
added 2025/07/23 12:00 a.m. · 5 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

AI score 6.9 · EPSS 0.00505
Exploits: 1 · References: 2