CVE-2026-3983
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. Manipulation of the argument gamename results in cross-site scripting. The attack can be performed remotely. The exploit...
PT-2026-25001
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...
PT-2026-24999
🚨 CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind...
Netartmedia PHP Mall SQL Injection Vulnerability
Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from multiple parameters that are susceptible to SQL injections, potentially allowing unverifie...
PT-2026-25002
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user email parameter. Attackers can send POST requests to index.php with malicious payloads in the user email field to...
Microsoft Windows Service Installation Persistence
This is a Microsoft Windows persistent service installer for creating backdoor services that automatically start payloads upon system boot. This tool is designed for authorized penetration testing and security research purposes. This variant from the author is written in PHP...
Netartmedia PHP Mall SQL Injection Vulnerability
Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from the presence of SQL injection vulnerabilities in the id and Email parameters, which could...
PT-2026-24920
🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in SQL injection. Remote exploitation of the attack is possible. The exploit h...
RHEL 8 : php:7.4 (RHSA-2026:4507)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4507 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge...
PT-2026-24991
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...
RHEL 8 : php:7.4 (RHSA-2026:4517)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4517 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge...
Jettweb PHP Hazir Haber Sitesi Scripti SQL Injection Vulnerability
Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V2 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the admingiris.php login form, whic...
PT-2026-24990
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system page GET parameter. Attackers can send crafted requests to index.php with malicious system page values using time-based blind...
PT-2026-25004
Name of the Vulnerable Software and Affected Versions: projectsend versions prior to r1946. Description: A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable...
PT-2026-24968
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
RHEL 8 : php:7.4 (RHSA-2026:4514)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4514 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in array_merge...
CVE-2019-25471
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, an...
CVE-2026-31895
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $_GET is directly interpolated into SQL queries without...
CVE-2019-25480 ARMBot Unrestricted File Upload via upload.php
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../publichtml/ to write executable code ...