CVE-2026-4781 SourceCodester Sales and Inventory System HTTP GET Parameter update_purchase.php sql injection

A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file updatepurchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from...

CVE-2026-4780

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file updateoutstanding.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carrie...

CVE-2026-4780 SourceCodester Sales and Inventory System HTTP GET Parameter update_out_standing.php sql injection

A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file updateoutstanding.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carrie...

CVE-2026-4777

CVE-2026-4777 affects SourceCodester Sales and Inventory System 1.0, specifically the POST Parameter Handler’s file view_supplier.php. The vulnerability arises from manipulating the searchtxt argument, enabling SQL injection. The issue can be exploited remotely and, according to the sources, the ...

EUVD-2026-14956

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923

A flaw was found in Zabbix. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. This could lead to a limited impact on the availability of the system, depending on the environment setup. Mitigation Mitigation for this issue is eithe...

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

CVE-2026-23923

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CVE-2026-23923 Unauthenticated arbitrary PHP class instantiation

An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...

CLSA-2026-1774375498 Update of alt-php

New microcode update packages from upstream up to 2026-02-21: - Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21ver:0x0B002161, cpuid:0x00B00F81ver:0x0B008121, cpuid:0x00B10F10ver:0x0B101058, cpuid:0x00B20F40ver:0x0B204037, cpuid:0x00B40F40ver:0x0B404035,...

EUVD-2019-20033

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

EUVD-2019-20004

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVE-2019-25638

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVE-2019-25647

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

CVE-2019-25641 Netartmedia Vlog System Lastest SQL Injection via email Parameter

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

CVE-2019-25639 Matrimony Website Script M-Plus Multiple SQL Injection

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

CVE-2019-25632

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...