EUVD-2019-20033

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

EUVD-2019-20004

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

CVE-2019-25643

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVE-2019-25638

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

CVE-2019-25647

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

CVE-2019-25641 Netartmedia Vlog System Lastest SQL Injection via email Parameter

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgottenpassword module to...

CVE-2019-25639 Matrimony Website Script M-Plus Multiple SQL Injection

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

CVE-2019-25632

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

CVE-2019-25630

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the...

CVE-2019-25630

PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager. Authenticated attackers can upload PHP files via the imgFile parameter to bizuno/image/manager and trigger remote code execution through bizunoFS.php. This is a network-accessible issue with high impact on ...

WordPress Comment Genius plugin <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Comment Genius versions = 1.2.5...

CVE-2026-4624 SourceCodester Online Library Management System Parameter home.php sql injection

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4624 SourceCodester Online Library Management System Parameter home.php sql injection

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4624

SourceCodester Online Library Management System 1.0 contains a SQL injection in the Parameter Handler’s /home.php (unknown function) triggered by manipulating the searchField argument. The vulnerability is exploitable remotely and the exploit is publicly available. The CVE notes a medium to high ...

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4623

CVE-2026-4623 affects DefaultFuction Jeson-Customer-Relationship-Management-System up to build 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. The vulnerability resides in the API Module, specifically the file /api/System.php, where manipulation of the url argument enables server-side request forgery (...

SUSE CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability in /systaskadd.php...

PT-2026-27304

Name of the Vulnerable Software and Affected Versions DefaultFuction Jeson-Customer-Relationship-Management-System affected versions not specified Description A security issue has been identified in the API Module component of DefaultFuction Jeson-Customer-Relationship-Management-System...