2593 matches found
WordPress plugin FW Gallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
School Fees Payment System fees.php file cross-site scripting vulnerability
School Fees Payment System is a tuition payment system. School Fees Payment System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter translationremark in the file /fees.php, which can be exploited ...
WordPress plugin Samex - Clean, Minimal Shop WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-6607
A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-52921
Innoshop up to version 0.4.1 contains a server-side code execution flaw in the File Manager of the admin panel. An authenticated attacker can upload a crafted file and bypass the image-only check by renaming the file to a .php extension (renaming function), enabling a subsequent GET request to ex...
PT-2025-26645 · Convoy · Convoy
Name of the Vulnerable Software and Affected Versions: Convoy versions 3.9.0-rc3 through 4.4.0 Description: Convoy is a KVM server management panel for hosting businesses. A directory traversal vulnerability exists in the LocaleController component, allowing an unauthenticated remote attacker to...
Code-Projects Online Shopping Store security vulnerability
Code-Projects Online Shopping Store is a Code-Projects open source online store. A security vulnerability exists in Code-Projects Online Shopping Store version 1.0, which originates from SQL injection due to incorrect manipulation of the parameters catid/brandid/keyword/proId/pid in file/action.p...
Hospital Management System injection vulnerability
Hospital Management System is a hospital management software by Pon Aravind Boominathan, an individual developer. An injection vulnerability exists in Hospital Management System version 1.0, which results from SQL injection due to incorrect manipulation of parameter username1 in file /func3.php...
WordPress Blogprise plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Blogprise plugin that stems from improper file name control and can be exploited by an attacker to cause PHP native file...
WordPress Arlo plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Arlo plugin has a path traversal vulnerability that stems from not doing effective filtering of resource calls, which can be exploited by an attacker to cause PHP loca...
CVE-2025-5971
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument namestartsWith leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Employee Record Management System /myexp.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter emp3ctc in the file /myexp.php. An attacker can...
WordPress plugin Petito security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Magty security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PHPGurukul Employee Record Management System injection vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/allemployees.php. An...
WordPress plugin BRW security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-24236 · WordPress · Wp Travel Engine
Name of the Vulnerable Software and Affected Versions: WP Travel Engine versions through 6.5.1 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local File Inclusion...
CVE-2025-5371 SourceCodester Health Center Patient Record Management System admin.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Username leads to sql injection. The attack m...
CVE-2025-45997
Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg...