CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

NVD•added 2026/04/27 5:16 p.m.•1 views

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

8.8CVSS0.00024EPSS

Exploits0References3

EUVD•added 2025/12/18 12:34 a.m.•1 views

EUVD-2023-60201

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...

9.8CVSS6.5AI score0.00067EPSS

Exploits1References4

NVD•added 2025/10/27 9:15 p.m.•2 views

CVE-2025-12326

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

7.5CVSS0.00023EPSS

Exploits1References3

Cvelist•added 2025/10/27 9:2 p.m.•15 views

CVE-2025-12326 shawon100 RUET OJ POST Request process.php sql injection

7.5CVSS0.00023EPSS

Exploits1References3

Positive Technologies•added 2025/10/27 12:0 a.m.•9 views

PT-2025-44045

Name of the Vulnerable Software and Affected Versions shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 Description A SQL injection issue exists in the POST Request Handler component of shawon100 RUET OJ. The issue is located in the file /process.php and is triggered by manipulatin...

7.5CVSS7.5AI score0.00023EPSS

Exploits1References7

CNNVD•added 2025/10/27 12:0 a.m.•2 views

RUET-OJ SQL注入漏洞

RUET-OJ is an online judge platform by the individual developer Ashadullah Shawon. RUET-OJ suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter un in the file /process.php, which could lead to a SQL injection attack...

7.5CVSS7.7AI score0.00023EPSS

Exploits1References4

NVD•added 2025/08/31 6:15 p.m.•1 views

CVE-2025-9739

A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

9.8CVSS0.00066EPSS

Exploits1References5

CVE•added 2025/08/31 5:32 p.m.•9 views

CVE-2025-9739

The CVE-2025-9739 entry concerns Campcodes Online Water Billing System 1.0. Affected is functionality in /process.php where manipulating the Username parameter enables SQL injection. The vulnerability is exploitable remotely and exploitation/public disclosure is noted across multiple sources. Roo...

9.8CVSS7.3AI score0.00066EPSS

Exploits1References5Affected Software1

Cvelist•added 2025/08/31 5:32 p.m.•8 views

CVE-2025-9739 Campcodes Online Water Billing System process.php sql injection

7.5CVSS0.00066EPSS

Exploits1References5

RedhatCVE•added 2025/05/23 6:58 a.m.•3 views

CVE-2024-37872

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter...

8.1CVSS8.9AI score0.0008EPSS

Exploits1References1

CNNVD•added 2024/09/05 12:0 a.m.•0 views

PHPGurukul Job Portal 跨站脚本漏洞

PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A cross-site scripting vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the JOBID and USERNAME parameters in /jobportal/process.php...

6.3CVSS6.1AI score0.00193EPSS

Exploits0References2

CNNVD•added 2024/06/15 12:0 a.m.•2 views

PHP Event Calendar SQL Injection Vulnerability

PHP Event Calendar is open source a multi-user modern event calendar based on AJAX. It is easy to integrate and fully customizable. A SQL injection vulnerability exists in PHP Event Calendar version 1.0, which stems from a security issue in the regConfirm/regDelete function of process.php, which...

9.8CVSS7.9AI score0.00064EPSS

Exploits1References5

OSV•added 2024/06/13 2:15 p.m.•0 views

CVE-2024-37849

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter...

9.8CVSS6.1AI score

Exploits0References1

OSV•added 2024/04/10 12:15 a.m.•0 views

CVE-2024-3524

A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotel...

5.4CVSS4AI score0.00164EPSS

Exploits1References4

OSV•added 2020/11/17 11:15 p.m.•0 views

CVE-2020-28183

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php...

9.8CVSS7.3AI score0.01468EPSS

Exploits1References3

OSV•added 2017/10/31 7:29 a.m.•0 views

CVE-2017-15981

Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/adminprocess.php for form editing...

9.8CVSS5.8AI score0.01085EPSS

Exploits5References1